5 \___|\___/|_| \_\_____|
9 Version 7.86.0 (26 Oct 2022)
11 Daniel Stenberg (26 Oct 2022)
16 - THANKS: added from the 7.86.0 release
18 Viktor Szakats (25 Oct 2022)
19 - noproxy: include netinet/in.h for htonl()
21 Solve the Amiga build warning by including `netinet/in.h`.
23 `krb5.c` and `socketpair.c` are using `htonl()` too. This header is
24 already included in those sources.
26 Regression from 1e9a538e05c0107c54ef81d9de7cd0b27cd13309
28 Reviewed-by: Daniel Stenberg
31 Marc Hoersken (24 Oct 2022)
32 - CI: fix AppVeyor status failing for starting jobs
34 Daniel Stenberg (24 Oct 2022)
35 - test445: verifies the protocols-over-http-proxy flaw and fix
37 - http_proxy: restore the protocol pointer on error
39 Reported-by: Trail of Bits
43 - multi: remove duplicate include of connect.h
45 Reported-by: Martin Strunz
49 Daniel Gustafsson (24 Oct 2022)
50 - idn: fix typo in test description
54 Daniel Stenberg (24 Oct 2022)
55 - url: use IDN decoded names for HSTS checks
57 Reported-by: Hiroki Kurosawa
61 - unit1614: fix disabled-proxy build
63 Follow-up to 1e9a538e05c01
67 Daniel Gustafsson (24 Oct 2022)
68 - cookies: optimize control character check
70 When checking for invalid octets the strcspn() call will return the
71 position of the first found invalid char or the first NULL byte.
72 This means that we can check the indicated position in the search-
73 string saving a strlen() call.
76 Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
78 Daniel Stenberg (24 Oct 2022)
79 - netrc: replace fgets with Curl_get_line
81 Make the parser only accept complete lines and avoid problems with
84 Reported-by: Hiroki Kurosawa
88 - RELEASE-NOTES: add "Planned upcoming removals include"
90 URL: https://curl.se/mail/archive-2022-10/0001.html
92 Suggested-by: Dan Fandrich
94 Viktor Szakats (23 Oct 2022)
95 - ci: bump to gcc-11 for macos
97 Ref: https://github.blog/changelog/2022-10-03-github-actions-jobs-running-on-macos-latest-are-now-running-on-macos-12/
98 Ref: https://github.com/actions/runner-images/blob/main/images/macos/macos-12-Readme.md
100 Reviewed-by: Max Dymond
103 - Makefile.m32: reintroduce CROSSPREFIX and -W -Wall [ci skip]
105 - Reintroduce `CROSSPREFIX`:
107 If set, we add it to the `CC` and `AR` values, and to the _default_
108 value of `RC`, which is `windres`. This allows to control each of
109 these individidually, while also allowing to simplify configuration
112 This variable worked differently earlier. Hopefully this new solution
113 hits a better compromise in usefulness/complexity/flexibility.
115 Follow-up to: aa970c4c08775afcd0c2853be89b0a6f02582d50
117 - Enable warnings again:
119 This time with an option to override it via `CFLAGS`. Warnings are
120 also enabled by default in CMake, `makefile.dj` and `makefile.amiga`
121 builds (not in autotools though).
123 Follow-up to 10fbd8b4e3f83b967fd9ad9a41ab484c0e7e7ca3
127 - noproxy: silence unused variable warnings with no ipv6
129 Follow-up to 36474f1050c7f4117e3c8de6cc9217cfebfc717d
131 Reviewed-by: Daniel Stenberg
134 Daniel Stenberg (22 Oct 2022)
135 - test644: verify --xattr (with redirect)
137 - tool_xattr: save the original URL, not the final redirected one
139 Adjusted test 1621 accordingly.
141 Reported-by: Viktor Szakats
145 - docs: make sure libcurl opts examples pass in long arguments
151 Marc Hoersken (21 Oct 2022)
152 - CI: fix AppVeyor job links only working for most recent build
154 Ref: https://github.com/curl/curl/pull/9768#issuecomment-1286675916
155 Reported-by: Daniel Stenberg
159 Viktor Szakats (21 Oct 2022)
160 - noproxy: fix builds without AF_INET6
162 Regression from 1e9a538e05c0107c54ef81d9de7cd0b27cd13309
164 Reviewed-by: Daniel Stenberg
168 Daniel Stenberg (21 Oct 2022)
169 - noproxy: support proxies specified using cidr notation
171 For both IPv4 and IPv6 addresses. Now also checks IPv6 addresses "correctly"
172 and not with string comparisons.
174 Split out the noproxy checks and functionality into noproxy.c
176 Added unit test 1614 to verify checking functions.
178 Reported-by: Mathieu Carbonneaux
184 - urlapi: remove two variable assigns
186 To please scan-build:
188 urlapi.c:1163:9: warning: Value stored to 'qlen' is never read
189 qlen = Curl_dyn_len(&enc);
191 urlapi.c:1164:9: warning: Value stored to 'query' is never read
192 query = u->query = Curl_dyn_ptr(&enc);
193 ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
195 Follow-up to 7d6cf06f571d57
199 - [Jeremy Maitin-Shepard brought this change]
201 cmake: improve usability of CMake build as a sub-project
203 - Renames `uninstall` -> `curl_uninstall`
204 - Ensures all export rules are guarded by CURL_ENABLE_EXPORT_TARGET
208 - [Don J Olmstead brought this change]
210 easy_lock: check for HAVE_STDATOMIC_H as well
212 The check for `HAVE_STDATOMIC_H` looks to see if the `stdatomic.h`
217 - RELEASE-NOTES: synced
219 - [Brad Harder brought this change]
221 CURLMOPT_PIPELINING.3: dedup manpage xref
225 Marc Hoersken (20 Oct 2022)
226 - CI: report AppVeyor build status for each job
228 Also give each job on AppVeyor CI a human-readable name.
230 This aims to make job and therefore build failures more visible.
232 Reviewed-by: Marcel Raad
235 Viktor Szakats (20 Oct 2022)
236 - amiga: set SIZEOF_CURL_OFF_T=8 by default [ci skip]
238 Reviewed-by: Daniel Stenberg
242 - connect: fix builds without AF_INET6
244 Regression from 2b309560c1e5d6ed5c0e542e6fdffa968b0521c9
246 Reviewed-by: Daniel Stenberg
247 Reviewed-by: Jay Satiro
251 Daniel Stenberg (20 Oct 2022)
252 - test1105: adjust <data> to work with a hyper build
256 - urlapi: fix parsing URL without slash with CURLU_URLENCODE
258 When CURLU_URLENCODE is set, the parser would mistreat the path
259 component if the URL was specified without a slash like in
260 http://local.test:80?-123
262 Extended test 1560 to reproduce and verify the fix.
264 Reported-by: Trail of Bits
268 Marc Hoersken (19 Oct 2022)
269 - tests: avoid CreateThread if _beginthreadex is available
271 CreateThread is not threadsafe if mixed with CRT calls.
272 _beginthreadex on the other hand can be mixed with CRT.
274 Reviewed-by: Marcel Raad
277 Jay Satiro (19 Oct 2022)
278 - [Joel Depooter brought this change]
280 schannel: Don't reset recv/send function pointers on renegotiation
282 These function pointers will have been set when the initial TLS
283 handshake was completed. If they are unchanged, there is no need to set
284 them again. If they have been changed, as is the case with HTTP/2, we
285 don't want to override that change. That would result in the
286 http22_recv/send functions being completely bypassed.
288 Prior to this change a connection that uses Schannel with HTTP/2 would
289 fail on renegotiation with error "Received HTTP/0.9 when not allowed".
291 Fixes https://github.com/curl/curl/issues/9451
292 Closes https://github.com/curl/curl/pull/9756
294 Viktor Szakats (18 Oct 2022)
295 - hostip: guard PF_INET6 use
297 Some platforms (e.g. Amiga OS) do not have `PF_INET6`. Adjust the code
301 hostip.c: In function 'fetch_addr':
302 hostip.c:308:12: error: 'PF_INET6' undeclared (first use in this function)
307 Regression from 1902e8fc511078fb5e26fc2b907b4cce77e1240d
309 Reviewed-by: Daniel Stenberg
313 - amiga: do not hardcode openssl/zlib into the os config [ci skip]
315 Enable them in `lib/makefile.amiga` and `src/makefile.amiga` instead.
317 This allows builds without openssl and/or zlib. E.g. with the
318 <https://github.com/bebbo/amiga-gcc> cross-compiler.
320 Reviewed-by: Daniel Stenberg
324 - amigaos: add missing curl header [ci skip]
326 Without it, `CURLcode` and `CURLE_*` are undefined. `lib/hostip.h` and
327 conditional local code need them.
329 Reviewed-by: Daniel Stenberg
333 Daniel Stenberg (18 Oct 2022)
334 - cmdline/docs: add a required 'multi' keyword for each option
336 The keyword specifies how option works when specified multiple times:
338 - single: the last provided value replaces the earlier ones
339 - append: it supports being provided multiple times
340 - boolean: on/off values
341 - mutex: flag-like option that disable anoter flag
343 The 'gen.pl' script then outputs the proper and unified language for
344 each option's multi-use behavior in the generated man page.
346 The multi: header is requires in each .d file and will cause build error
347 if missing or set to an unknown value.
351 - CURLOPT_AUTOREFERER.3: highlight the privacy leak risk
355 - mprintf: reject two kinds of precision for the same argument
357 An input like "%.*1$.9999d" would first use the precision taken as an
358 argument *and* then the precision specified in the string, which is
359 confusing and wrong. pass1 will now instead return error on this double
362 Adjusted unit test 1398 to verify
364 Reported-by: Peter Goodman
368 - ftp: remove redundant if
370 Reported-by: Trail of Bits
374 - tool_operate: more transfer cleanup after parallel transfer fail
376 In some circumstances when doing parallel transfers, the
377 single_transfer_cleanup() would not be called and then 'inglob' could
382 Reported-by: Trail of Bits
385 - mqtt: spell out CONNECT in comments
387 Instead of calling it 'CONN' in several comments, use the full and
388 correct protocol packet name.
390 Suggested by Trail of Bits
394 - CURLOPT_POSTFIELDS.3: refer to CURLOPT_MIMEPOST
396 Not the deprecated CURLOPT_HTTPPOST option.
398 Also added two see-alsos.
400 Reported-by: Trail of Bits
403 - RELEASE-NOTES: synced
405 Jay Satiro (17 Oct 2022)
406 - ngtcp2: Fix build errors due to changes in ngtcp2 library
408 ngtcp2/ngtcp2@b0d86f60 changed:
410 - ngtcp2_conn_get_max_udp_payload_size =>
411 ngtcp2_conn_get_max_tx_udp_payload_size
413 - ngtcp2_conn_get_path_max_udp_payload_size =>
414 ngtcp2_conn_get_path_max_tx_udp_payload_size
416 ngtcp2/ngtcp2@ec59b873 changed:
418 - 'early_data_rejected' member added to ng_callbacks.
420 Assisted-by: Daniel Stenberg
421 Reported-by: jurisuk@users.noreply.github.com
423 Fixes https://github.com/curl/curl/issues/9747
424 Closes https://github.com/curl/curl/pull/9748
426 Daniel Stenberg (16 Oct 2022)
427 - curl_path: return error if given a NULL homedir
431 - libssh: if sftp_init fails, don't get the sftp error code
433 This flow extracted the wrong code (sftp code instead of ssh code), and
434 the code is sometimes (erroneously) returned as zero anyway, so skip
435 getting it and set a generic error.
437 Reported-by: David McLaughlin
441 - mqtt: return error for too long topic
445 - [Rickard HallerbƤck brought this change]
447 tool_paramhlp: make the max argument a 'double'
449 To fix compiler warnings "Implicit conversion from 'long' to 'double'
454 Marc Hoersken (15 Oct 2022)
455 - [Philip Heiduck brought this change]
457 cirrus-ci: add more macOS builds with m1 based on x86_64 builds
459 Also refactor macOS builds to use task matrix.
461 Assisted-by: Marc Hƶrsken
464 Viktor Szakats (14 Oct 2022)
465 - cmake: set HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID on Windows
467 `lib/config-win32.h` enables this configuration option unconditionally.
468 Make it apply to CMake builds as well.
470 While here, delete a broken check for
471 `HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID` from `CMakeLists.txt`. This came with
472 the initial commit [1], but did not include the actual verification code
473 inside `CMake/CurlTests.c`, so it always failed. A later commit [2]
474 added a second test, for non-Windows platforms.
476 Enabling this flag causes test 1056 to fail with CMake builds, as they
477 do with autotools builds. Let's apply the same solution and ignore the
478 results here as well.
480 [1] 4c5307b45655ba75ab066564afdc0c111a8b9291
481 [2] aec7c5a87c8482b6ddffa352d7d220698652262e
483 Reviewed-by: Daniel Stenberg
484 Assisted-by: Marcel Raad
488 - cmake: set HAVE_GETADDRINFO_THREADSAFE on Windows
490 autotools enables this configuration option unconditionally for Windows
491 [^1]. Do the same in CMake.
493 The above will make this work for all reasonably recent environments.
494 The logic present in `lib/config-win32.h` [^2] has the following
495 exceptions which we did not cover in this CMake update:
497 - Builds targeting Windows 2000 and earlier
498 - MS Visual C++ 5.0 (1997) and earlier
500 Also make sure to disable this feature when `HAVE_GETADDRINFO` isn't
501 set, to avoid a broken build. We might want to handle that in the C
502 sources in a future commit.
504 [^1]: https://github.com/curl/curl/blob/68fa9bf3f5d7b4fcbb57619f70cb4aabb79a51f6/m4/curl-functions.m4#L2067-L2070
506 [^2]: https://github.com/curl/curl/blob/68fa9bf3f5d7b4fcbb57619f70cb4aabb79a51f6/lib/config-win32.h#L511-L528
510 - cmake: sync HAVE_SIGNAL detection with autotools
512 `HAVE_SIGNAL` means the availability of the `signal()` function in
513 autotools, while in CMake it meant the availability of that function
514 _and_ the symbol `SIGALRM`.
516 The latter is not available on Windows, but the function is, which means
517 on Windows, autotools did define `HAVE_SIGNAL`, but CMake did not,
518 introducing a slight difference into the binaries.
520 This patch syncs CMake behaviour with autotools to look for the function
523 The logic came with the initial commit adding CMake support to curl, so
524 the commit history doesn't reveal the reason behind it. In any case,
525 it's best to check the existence of `SIGALRM` directly in the source
526 before use. For now, curl builds fine with `HAVE_SIGNAL` enabled and
529 Follow-up to 68fa9bf3f5d7b4fcbb57619f70cb4aabb79a51f6
533 - cmake: delete duplicate HAVE_GETADDRINFO test
535 A custom `HAVE_GETADDRINFO` check came with the initial CMake commit
536 [1]. A later commit [2] added a standard check for it as well. The
537 standard check run before the custom one, so CMake ignored the latter.
539 The custom check was also non-portable, so this patch deletes it in
540 favor of the standard check.
542 [1] 4c5307b45655ba75ab066564afdc0c111a8b9291
543 [2] aec7c5a87c8482b6ddffa352d7d220698652262e
547 Daniel Stenberg (14 Oct 2022)
548 - tool_formparse: unroll the NULL_CHECK and CONST_FREE macros
550 To make the code read more obvious
552 Assisted-by: Jay Satiro
556 - [Christopher Sauer brought this change]
558 docs/INSTALL: update Android Instructions for newer NDKs
562 - markdown-uppercase: ignore quoted sections
564 Sections within the markdown ~~~ or ``` are now ignored.
568 - RELEASE-NOTES: synced
570 - test8: update as cookies no longer can have "embedded" TABs in content
572 - test1105: extend to verify TAB in name/content discarding cookies
574 - cookie: reject cookie names or content with TAB characters
576 TABs in name and content seem allowed by RFC 6265: "the algorithm strips
577 leading and trailing whitespace from the cookie name and value (but
578 maintains internal whitespace)"
580 Cookies with TABs in the names are rejected by Firefox and Chrome.
582 TABs in content are stripped out by Firefox, while Chrome discards the
585 TABs in cookies also cause issues in saved netscape cookie files.
587 Reported-by: Trail of Bits
589 URL: https://curl.se/mail/lib-2022-10/0032.html
590 URL: https://github.com/httpwg/http-extensions/issues/2262
594 - curl/add_parallel_transfers: better error handling
596 1 - consider the transfer handled at once when in the function, to avoid
597 the same list entry to get added more than once in rare error
600 2 - set the ERRORBUFFER for the handle first after it has been added
603 Reported-by: Trail of Bits
607 - netrc: remove the two 'changed' arguments
609 As no user of these functions used the returned content.
611 - test495: verify URL encoded user name + netrc-optional
613 Reproduced issue #9709
615 - netrc: use the URL-decoded user
617 When the user name is provided in the URL it is URL encoded there, but
618 when used for authentication the encoded version should be used.
620 Regression introduced after 7.83.0
622 Reported-by: Jonas Haag
626 - [Shaun Mirani brought this change]
628 url: allow non-HTTPS HSTS-matching for debug builds
632 - test1275: remove the check of stderr
634 To avoid the mysterious test failures on Windows, instead rely on the
635 error code returned on failure.
640 Viktor Szakats (13 Oct 2022)
641 - lib: set more flags in config-win32.h
643 The goal is to add any flag that affect the created binary, to get in
644 sync with the ones built with CMake and autotools.
646 I took these flags from curl-for-win [0], where they've been tested with
647 mingw-w64 and proven to work well.
649 This patch brings them to curl as follows:
651 - Enable unconditionally those force-enabled via
652 `CMake/WindowsCache.cmake`:
656 - `HAVE_SIGNAL` (CMake equivalent is `HAVE_SIGNAL_FUNC`)
658 - Expand existing guards with mingw-w64:
663 - Enable Win32 API functions for Windows Vista and later:
668 - Set sizes, if not already set:
671 - `_FILE_OFFSET_BITS = 64` when `USE_WIN32_LARGE_FILES` is set,
674 - Add the remaining for mingw-w64 only. Feel free to expand as desired:
683 - `HAVE_SIGNAL` has a different meaning in CMake. It's enabled when both
684 the `signal()` function and the `SIGALRM` macro are found. In
685 autotools and this header, it means the function only. For the
686 function alone, CMake uses `HAVE_SIGNAL_FUNC`.
688 [0] https://github.com/curl/curl-for-win/blob/c9b9a5f273c94c73d2b565ee892c4dff0ca97a8c/curl-m32.sh#L53-L58
690 Reviewed-by: Daniel Stenberg
694 Daniel Stenberg (13 Oct 2022)
695 - tests: add tests/markdown-uppercase.pl to dist tarball
697 Follow-up to aafb06c5928183d
701 - tool_paramhelp: asserts verify maximum sizes for string loading
703 The two defines MAX_FILE2MEMORY and MAX_FILE2STRING define the largest
704 strings accepted when loading files into memory, but as the size is
705 later used as input to functions that take the size as 'int' as
706 argument, the sizes must not be larger than INT_MAX.
708 These two new assert()s make the code error out if someone would bump
709 the sizes without this consideration.
711 Reported-by Trail of Bits
715 - http: try parsing Retry-After: as a number first
717 Since the date parser allows YYYYMMDD as a date format (due to it being
718 a bit too generic for parsing this particular header), a large integer
719 number could wrongly match that pattern and cause the parser to generate
722 No date format accepted for this header starts with a decimal number, so
723 by reversing the check and trying a number first we can deduct that if
724 that works, it was not a date.
726 Reported-by Trail of Bits
730 - [Patrick Monnerat brought this change]
732 doc: fix deprecation versions inconsistencies
734 Ref: https://curl.se/mail/lib-2022-10/0026.html
738 - http_aws_sigv4: fix strlen() check
740 The check was off-by-one leading to buffer overflow.
742 Follow-up to 29c4aa00a16872
748 - curl/main_checkfds: check the fcntl return code better
750 fcntl() can (in theory) return a non-zero number for success, so a
751 better test for error is checking for -1 explicitly.
753 Follow-up to 41e1b30ea1b77e9ff
755 Mentioned-by: Dominik Klemba
759 Viktor Szakats (12 Oct 2022)
760 - tidy-up: delete unused HAVE_STRUCT_POLLFD
762 It was only defined in `lib/config-win32.h`, when building for Vista.
764 It was only used in `select.h`, in a condition that also included a
765 check for `POLLIN` which is a superior choice for this detection and
766 which was already used by cmake and autotools builds.
768 Delete both instances of this macro.
772 Daniel Stenberg (12 Oct 2022)
773 - test1275: verify upercase after period in markdown
775 Script based on the #9474 pull-request logic, but implemented in perl.
777 Updated docs/URL-SYNTAX.md accordingly.
779 Suggested-by: Dan Fandrich
783 - [12932 brought this change]
785 misc: nitpick grammar in comments/docs
787 because the 'u' in URL is actually a consonant *sound* it is only
788 correct to write "a URL"
790 sorry this is a bit nitpicky :P
792 https://english.stackexchange.com/questions/152/when-should-i-use-a-vs-an
793 https://www.techtarget.com/whatis/feature/Which-is-correct-a-URL-or-an-URL
797 Viktor Szakats (11 Oct 2022)
798 - Makefile.m32: drop CROSSPREFIX and our CC/AR defaults [ci skip]
800 This patch aimed to fix a regression [0], where `CC` initialization
801 moved beyond its first use. But, on closer inspection it turned out that
802 the `CC` initialization does not work as expected due to GNU Make
803 filling it with `cc` by default. So unless implicit values were
804 explicitly disabled via a GNU Make option, the default value of
805 `$CROSSPREFIX` + `gcc` was never used. At the same time the implicit
806 value `cc` maps to `gcc` in (most/all?) MinGW envs.
808 `AR` has the same issue, with a default value of `ar`.
810 We could reintroduce a separate variable to fix this without ill
811 effects, but for simplicity and flexibility, it seems better to drop
812 support for `CROSSPREFIX`, along with our own `CC`/`AR` init logic, and
813 require the caller to initialize `CC`, `AR` and `RC` to the full
814 (prefixed if necessary) names of these tools, as desired.
816 We keep `RC ?= windres` because `RC` is empty by default.
818 Also fix grammar in a comment.
820 [0] 10fbd8b4e3f83b967fd9ad9a41ab484c0e7e7ca3
824 - smb: replace CURL_WIN32 with WIN32
826 PR #9255 aimed to fix a Cygwin/MSYS issue (#8220). It used the
827 `CURL_WIN32` macro, but that one is not defined here, while compiling
828 curl itself. This patch changes this to `WIN32`, assuming this was the
831 Regression from 1c52e8a3795ccdf8ec9c308f4f8f19cf10ea1f1a
833 Reviewed-by: Marcel Raad
837 Daniel Stenberg (11 Oct 2022)
838 - [Matthias Gatto brought this change]
840 aws_sigv4: fix header computation
842 Handle canonical headers and signed headers creation as explained here:
843 https://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
845 The algo tells that signed and canonical must contain at last host and
848 So we check whatever thoses are present in the curl http headers list.
849 If they are, we use the one enter by curl user, otherwise we generate
850 them. then we to lower, and remove space from each http headers plus
851 host and x-amz-date, then sort them all by alphabetical order.
853 This patch also fix a bug with host header, which was ignoring the port.
857 Jay Satiro (11 Oct 2022)
858 - [Aftab Alam brought this change]
860 README.md: link the curl logo to the website
862 - Link the curl:// image to https://curl.se/
864 Closes https://github.com/curl/curl/pull/9675
866 - [Dustin Howett brought this change]
868 schannel: when importing PFX, disable key persistence
870 By default, the PFXImportCertStore API persists the key in the user's
871 key store (as though the certificate was being imported for permanent,
874 The documentation specifies that keys that are not to be persisted
875 should be imported with the flag PKCS12_NO_PERSIST_KEY.
876 NOTE: this flag is only supported on versions of Windows newer than XP
881 This is take 2 of the original fix. It extends the lifetime of the
882 client certificate store to that of the credential handle. The original
883 fix which landed in 70d010d and was later reverted in aec8d30 failed to
884 work properly because it did not do that.
886 Minor changes were made to the schannel credential context to support
887 closing the client certificate store handle at the end of an SSL session.
891 Reported-by: ShadowZzj@users.noreply.github.com
893 Fixes https://github.com/curl/curl/issues/9300
894 Supersedes https://github.com/curl/curl/pull/9363
895 Closes https://github.com/curl/curl/pull/9460
897 Viktor Szakats (11 Oct 2022)
898 - Makefile.m32: support more options [ci skip]
900 - Add support for these options:
901 `-wolfssl`, `-wolfssh`, `-mbedtls`, `-libssh`, `-psl`
904 - `-wolfssh` requires `-wolfssl`.
905 - `-wolfssl` cannot be used with OpenSSL backends in parallel.
906 - `-libssh` has build issues with BoringSSL and LibreSSL, and also
907 what looks like a world-writable-config vulnerability on Windows.
908 Consider it experimental.
909 - `-psl` requires `-idn2` and extra libs passed via
910 `LIBS=-liconv -lunistring`.
912 - Detect BoringSSL/wolfSSL and set ngtcp2 crypto lib accordingly.
913 - Generalize MultiSSL detection.
914 - Use else-if syntax. Requires GNU Make 3.81 (2006-04-01).
915 - Document more customization options.
917 This brings over some configuration logic from `curl-for-win`.
921 - cmake: enable more detection on Windows
923 Enable `HAVE_UNISTD_H`, `HAVE_STRTOK_R` and `HAVE_STRCASECMP` detection
924 on Windows, instead of having predefined values.
926 With these features detected correctly, CMake Windows builds get closer
927 to the autotools and `config-win32.h` ones.
929 This also fixes detecting `HAVE_FTRUNCATE` correctly, which required
932 Fixing `ftruncate()` in turn causes a build warning/error with legacy
933 MinGW/MSYS1 due to an offset type size mismatch. This env misses to
934 detect `HAVE_FILE_OFFSET_BITS`, which may be a reason. This patch
935 force-disables `HAVE_FTRUNCATE` for this platform.
937 Reviewed-by: Daniel Stenberg
941 - autotools: allow unix sockets on Windows
943 Fixes: https://github.com/curl/curl-for-win/blob/73a070d96fd906fdee929e2f1f00a9149fb39239/curl-autotools.sh#L44-L47
945 On Windows this feature is present, but not the header used in the
946 detection logic. It also requires an elaborate enabler logic
947 (as seen in `lib/curl_setup.h`). Let's always allow it and let the
948 lib code deal with the details.
952 - cmake: add missing inet_ntop check
954 This adds the missing half of the check, next to the other half
955 already present in `lib/curl_config.h.cmake`.
957 Force disable `HAVE_INET_NTOP` for old MSVC where it caused compiler
960 Reviewed-by: Daniel Stenberg
964 Daniel Stenberg (11 Oct 2022)
965 - RELEASE-NOTES: synced
967 - [bsergean on github brought this change]
969 asyn-ares: set hint flags when calling ares_getaddrinfo
971 The hint flag is ARES_AI_NUMERICSERV, and it will save a call to
972 getservbyname or getservbyname_r to set it.
976 - header.d: add category smtp and imap
978 They were previously (erroneously) added manually to tool_listhelp.c
979 which would make them get removed again when the file is updated next
980 time, unless added correctly here in header.d
982 Follow-up to 2437fac01
986 - curl/get_url_file_name: use libcurl URL parser
988 To avoid URL tricks, use the URL parser for this.
990 This update changes curl's behavior slightly in that it will ignore the
991 possible query part from the URL and only use the file name from the
992 actual path from the URL. I consider it a bugfix.
994 "curl -O localhost/name?giveme-giveme" will now save the output in the
995 local file named 'name'
997 Updated test 1210 to verify
999 Assisted-by: Jay Satiro
1003 - [Martin Ć
gren brought this change]
1005 docs: fix grammar around needing pass phrase
1007 "You never needed a pass phrase" reads like it's about to be followed by
1008 something like "until version so-and-so", but that is not what is
1009 intended. Change to "You never need a pass phrase". There are two
1010 instances of this text, so make sure to update both.
1012 - [Xiang Xiao brought this change]
1014 cmake: add the check of HAVE_SOCKETPAIR
1016 which is used by Curl_socketpair
1018 Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
1022 - curl/add_file_name_to_url: use the libcurl URL parser
1024 instead of the custom error-prone parser, to extract and update the path
1029 - single_transfer: use the libcurl URL parser when appending query parts
1031 Instead of doing "manual" error-prone parsing in another place.
1033 Used when --data contents is added to the URL query when -G is provided.
1037 - ws: fix buffer pointer use in the callback loop
1041 - [Petr Å tetiar brought this change]
1043 curl-wolfssl.m4: error out if wolfSSL is not usable
1045 When I explicitly declare, that I would like to have curl built with
1046 wolfSSL support using `--with-wolfssl` configure option, then I would
1047 expect, that either I endup with curl having that support, for example
1048 in form of https support or it wouldn't be available at all.
1050 Downstream projects like for example OpenWrt build curl wolfSSL variant
1051 with `--with-wolfssl` already, but in certain corner cases it does fail:
1053 configure:25299: checking for wolfSSL_Init in -lwolfssl
1054 configure:25321: x86_64-openwrt-linux-musl-gcc -o conftest [snip]
1055 In file included from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/dsa.h:33,
1056 from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/asn_public.h:35,
1057 from target-x86_64_musl/usr/include/wolfssl/ssl.h:35,
1059 target-x86_64_musl/usr/include/wolfssl/wolfcrypt/integer.h:37:14: fatal error: wolfssl/wolfcrypt/sp_int.h: No such file or directory
1060 #include <wolfssl/wolfcrypt/sp_int.h>
1061 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
1062 compilation terminated.
1064 and in the end thus produces curl without https support:
1066 curl: (1) Protocol "https" not supported or disabled in libcurl
1068 So fix it, by making the working wolfSSL mandatory and error out in
1069 configure step when that's not the case:
1071 checking for wolfSSL_Init in -lwolfssl... no
1072 configure: error: --with-wolfssl but wolfSSL was not found or doesn't work
1074 References: https://github.com/openwrt/packages/issues/19005
1075 References: https://github.com/openwrt/packages/issues/19547
1076 Signed-off-by: Petr Å tetiar <ynezz@true.cz>
1080 - tool_getparam: pass in the snprintf("%.*s") string length as 'int'
1082 Reported by Coverity CID 1515928
1086 - [Paul Seligman brought this change]
1088 ws: minor fixes for web sockets without the CONNECT_ONLY flag
1090 - Fixed an issue where is_in_callback was getting cleared when using web
1091 sockets with debug logging enabled
1092 - Ensure the handle is is_in_callback when calling out to fwrite_func
1093 - Change the write vs. send_data decision to whether or not the handle
1094 is in CONNECT_ONLY mode.
1095 - Account for buflen not including the header length in curl_ws_send
1099 Marc Hoersken (8 Oct 2022)
1100 - CI/cirrus: merge existing macOS jobs into a job matrix
1103 Reviewed-by: Philip H.
1107 Daniel Stenberg (8 Oct 2022)
1108 - strcase: add and use Curl_timestrcmp
1110 This is a strcmp() alternative function for comparing "secrets",
1111 designed to take the same time no matter the content to not leak
1112 match/non-match info to observers based on how fast it is.
1114 The time this function takes is only a function of the shortest input
1117 Reported-by: Trail of Bits
1121 - tool_getparam: split out data_urlencode() into its own function
1125 - connect: fix Curl_updateconninfo for TRNSPRT_UNIX
1127 Reported-by: Vasiliy Ulyanov
1131 - ws: fix Coverity complaints
1133 Coverity pointed out several flaws where variables remained
1134 uninitialized after forks.
1136 Follow-up to e3f335148adc6742728f
1140 Marc Hoersken (7 Oct 2022)
1141 - CI/GHA: merge msh3 and openssl3 builds into linux workflow
1143 Continue work on merging all Linux workflows into one file.
1148 Daniel Stenberg (7 Oct 2022)
1149 - curl_ws_send.3: call the argument 'fragsize'
1151 Since WebSocket works with "fragments" not "frames"
1155 - easy: avoid Intel error #2312: pointer cast involving 64-bit pointed-to type
1157 Follow-up to e3f335148adc6742728ff8
1161 - tool_main: exit at once if out of file descriptors
1163 If the main_checkfds function cannot create new file descriptors in an
1164 attempt to detect of stdin, stdout or stderr are closed.
1166 Also changed the check to use fcntl() to check if the descriptors are
1167 open, which avoids superfluously calling pipe() if they all already are.
1169 Follow-up to facfa19cdd4d0094
1171 Reported-by: Trail of Bits
1175 - websockets: remodeled API to support 63 bit frame sizes
1177 curl_ws_recv() now receives data to fill up the provided buffer, but can
1178 return a partial fragment. The function now also get a pointer to a
1179 curl_ws_frame struct with metadata that also mentions the offset and
1180 total size of the fragment (of which you might be receiving a smaller
1181 piece). This way, large incoming fragments will be "streamed" to the
1182 application. When the curl_ws_frame struct field 'bytesleft' is 0, the
1183 final fragment piece has been delivered.
1185 curl_ws_recv() was also adjusted to work with a buffer size smaller than
1186 the fragment size. (Possibly needless to say as the fragment size can
1187 now be 63 bit large).
1189 curl_ws_send() now supports sending a piece of a fragment, in a
1190 streaming manner, in addition to sending the entire fragment in a single
1191 call if it is small enough. To send a huge fragment, curl_ws_send() can
1192 be used to send it in many small calls by first telling libcurl about
1193 the total expected fragment size, and then send the payload in N number
1194 of separate invokes and libcurl will stream those over the wire.
1196 The struct curl_ws_meta() returns is now called 'curl_ws_frame' and it
1197 has been extended with two new fields: *offset* and *bytesleft*. To help
1198 describe the passed on data chunk when a fragment is delivered in many
1201 The documentation has been updated accordingly.
1205 - [Patrick Monnerat brought this change]
1207 docs/examples: avoid deprecated options in examples where possible
1209 Example programs targeting a deprecated feature/option are commented with
1211 Other examples are adapted to not use deprecated options.
1215 Viktor Szakats (6 Oct 2022)
1216 - cmake: fix enabling websocket support
1218 Follow-up from 664249d095275ec532f55dd1752d80c8c1093a77
1222 - tidy-up: delete parallel/unused feature flags
1224 Detecting headers and lib separately makes sense when headers come in
1225 variations or with extra ones, but this wasn't the case here. These were
1226 duplicate/parallel macros that we had to keep in sync with each other
1227 for a working build. This patch leaves a single macro for each of these
1230 - Rely on `HAVE_LIBZ`, delete parallel `HAVE_ZLIB_H`.
1232 Also delete CMake logic making sure these two were in sync, along with
1233 a toggle to turn off that logic, called `CURL_SPECIAL_LIBZ`.
1235 Also delete stray `HAVE_ZLIB` defines.
1237 There is also a `USE_ZLIB` variant in `lib/config-dos.h`. This patch
1238 retains it for compatibility and deprecates it.
1240 - Rely on `USE_LIBSSH2`, delete parallel `HAVE_LIBSSH2_H`.
1242 Also delete `LIBSSH2_WIN32`, `LIBSSH2_LIBRARY` from
1243 `winbuild/MakefileBuild.vc`, these have a role when building libssh2
1244 itself. And `CURL_USE_LIBSSH`, which had no use at all.
1246 Also delete stray `HAVE_LIBSSH2` defines.
1248 - Rely on `USE_LIBSSH`, delete parallel `HAVE_LIBSSH_LIBSSH_H`.
1250 Also delete `LIBSSH_WIN32`, `LIBSSH_LIBRARY` and `HAVE_LIBSSH` from
1251 `winbuild/MakefileBuild.vc`, these were the result of copy-pasting the
1252 libssh2 line, and were not having any use.
1254 - Delete unused `HAVE_LIBPSL_H` and `HAVE_LIBPSL`.
1256 Reviewed-by: Daniel Stenberg
1260 Daniel Stenberg (6 Oct 2022)
1261 - netrc: compare user name case sensitively
1263 User name comparisions in netrc need to match the case.
1267 - CURLOPT_COOKIEFILE: insist on "" for enable-without-file
1269 The former way that also suggested using a non-existing file to just
1270 enable the cookie engine could lead to developers maybe a bit carelessly
1271 guessing a file name that will not exist, and then in a future due to
1272 circumstances, such a file could be made to exist and then accidentally
1273 libcurl would read cookies not actually meant to.
1275 Reported-by: Trail of bits
1279 - tests/Makefile: remove run time stats from ci-test
1281 The ci-test is the normal makefile target invoked in CI jobs. This has
1282 been using the -r option to runtests.pl since a long time, but I find
1283 that it mostly just adds many lines to the test output report without
1284 anyone caring much about those stats.
1290 - [Patrick Monnerat brought this change]
1292 tool: reorganize function c_escape around a dynbuf
1294 This is a bit shorter and a lot safer.
1296 Substrings of unescaped characters are added by a single call to reduce
1299 Extend test 1465 to handle more kind of escapes.
1303 Jay Satiro (5 Oct 2022)
1304 - CURLOPT_HTTPPOST.3: bolden the deprecation notice
1306 Ref: https://github.com/curl/curl/pull/9621
1308 Closes https://github.com/curl/curl/pull/9637
1310 Daniel Stenberg (5 Oct 2022)
1311 - [John Bampton brought this change]
1313 misc: fix spelling in docs and comments
1315 also: remove outdated sentence
1319 - [Patrick Monnerat brought this change]
1321 tool: avoid generating ambiguous escaped characters in --libcurl
1323 C string hexadecimal-escaped characters may have more than 2 digits.
1324 This results in a wrong C compiler interpretation of a 2-digit escaped
1325 character when followed by an hex digit character.
1327 The solution retained here is to represent such characters as 3-digit
1330 Adjust and extend test 1465 for this case.
1334 - configure: the ngtcp2 option should default to 'no'
1336 While still experimental.
1338 Bug: https://curl.se/mail/lib-2022-10/0007.html
1339 Reported-by: Daniel Hallberg
1343 - CURLOPT_MIMEPOST.3: add an (inline) example
1345 Reported-by: Jay Satiro
1346 Bug: https://github.com/curl/curl/pull/9637#issuecomment-1268070723
1350 Viktor Szakats (5 Oct 2022)
1351 - Makefile.m32: exclude libs & libpaths for shared mode exes [ci skip]
1353 Exclude linker flags specifying depedency libs and libpaths, when
1354 building against `libcurl.dll`. In such case these options are not
1355 necessary (but may cause errors if not/wrongly configured.)
1357 Also move and reword a comment on `CPPFLAGS` to not apply to
1358 `UNICODE` options. These are necessary for all build targets.
1362 Jay Satiro (5 Oct 2022)
1363 - runtests: fix uninitialized value on ignored tests
1365 - Don't show TESTFAIL message (ie tests failed which aren't ignored) if
1366 only ignored tests failed.
1369 IGNORED: failed tests: 571 612 1056
1370 TESTDONE: 1214 tests out of 1217 reported OK: 99%
1371 Use of uninitialized value $failed in concatenation (.) or string at
1372 ./runtests.pl line 6290.
1373 TESTFAIL: These test cases failed:
1376 IGNORED: failed tests: 571 612 1056
1377 TESTDONE: 1214 tests out of 1217 reported OK: 99%
1379 Closes https://github.com/curl/curl/pull/9648
1381 - cirrus: use make LDFLAGS=-all-static instead of curl_LDFLAGS
1383 - Correct the use of -all-static for static Windows CI builds.
1385 curl_LDFLAGS was removed from the makefile when metalink support was
1386 removed. LDFLAGS=-all-static is passed to make only, because it is not a
1387 valid option for configure compilation tests.
1389 Closes https://github.com/curl/curl/pull/9633
1391 Viktor Szakats (4 Oct 2022)
1392 - Makefile.m32: fix regression with tool_hugehelp [ci skip]
1394 In a recent commit I mistakenly deleted this logic, after seeing a
1395 reference to a filename ending with `.cvs` and thinking it must have
1396 been long gone. Turns out this is an existing file. Restore the rule
1397 and the necessary `COPY` definitions with it.
1399 The restored logic is required for a successful build on a bare source
1400 tree (as opposed to a source release tarball).
1402 Also shorten an existing condition similar to the one added in this
1405 Regression since 07a0047882dd3f1fbf73486c5dd9c15370877ad6
1409 - Makefile.m32: deduplicate build rules [ci skip]
1411 After this patch, we reduce the three copies of most `Makefile.m32`
1412 logic to one. This now resides in `lib/Makefile.m32`. It makes future
1413 updates easier, the code shorter, with a small amount of added
1416 `Makefile.m32` reduction:
1418 | | bytes | LOC total | blank | comment | code |
1419 |-------------------|-------:|----------:|-------:|---------:|------:|
1420 | 7.85.0 | 34772 | 1337 | 79 | 192 | 1066 |
1421 | before this patch | 17601 | 625 | 62 | 106 | 457 |
1422 | after this patch | 11680 | 392 | 52 | 104 | 236 |
1426 - Change rules to create objects for the `v*` subdirs in the `lib` dir.
1427 This allows to use a shared compile rule and assumes that filenames
1428 are not (and will not be) colliding across these directories.
1429 `Makefile.m32` now also stores a list of these subdirs. They are
1430 changing rarely though.
1432 - Sync as much as possible between the three `Makefile.m32` scripts'
1433 rules and their source/target sections.
1435 - After this patch `CPPFLAGS` are all applied to the `src` sources once
1436 again. This matches the behaviour of cmake/autotools. Only zlib ones
1437 are actually required there.
1439 - Use `.rc` names from `Makefile.inc` instead of keeping a duplicate.
1441 - Change examples to link `libcurl.dll` by default. This makes building
1442 trivial, even as a cross-build:
1443 `CC=x86_64-w64-mingw32-gcc make -f Makefile.m32`
1444 To run them, you need to move/copy or add-to-path `libcurl.dll`.
1445 You can select static mode via `CFG=-static`.
1447 - List more of the `Makefile.m32` config variables.
1449 - Drop `.rc` support from examples. It made it fragile without much
1452 - Include a necessary system lib for the `externalsocket.c` example.
1454 - Exclude unnecessary systems libs when building in `-dyn` mode.
1458 Daniel Stenberg (4 Oct 2022)
1459 - RELEASE-NOTES: synced
1461 - CURLOPT_COOKIELIST.3: fix formatting mistake
1463 Also, updated manpage-syntax.pl to make it detect this error in test
1466 Reported-by: ProceduralMan on github
1470 - [Jay Satiro brought this change]
1472 connect: change verbose IPv6 address:port to [address]:port
1474 - Use brackets for the IPv6 address shown in verbose message when the
1475 format is address:port so that it is less confusing.
1477 Before: Trying 2606:4700:4700::1111:443...
1478 After: Trying [2606:4700:4700::1111]:443...
1480 Bug: https://curl.se/mail/archive-2022-02/0041.html
1481 Reported-by: David Hu
1485 Viktor Szakats (3 Oct 2022)
1486 - Makefile.m32: major rework [ci skip]
1488 This patch overhauls `Makefile.m32` scripts, fixing a list of quirks,
1489 making its behaviour and customization envvars align better with other
1490 build systems, aiming for less code, that is easier to read, use and
1494 - Rename customization envvars:
1498 `CURL_LDFLAG_EXTRAS_DLL` -> `CURL_LDFLAGS_LIB`
1499 `CURL_LDFLAG_EXTRAS_EXE` -> `CURL_LDFLAGS_BIN`
1500 - Drop `CURL_STRIP` and `CURL_RANLIB`. These tools are no longer used.
1501 - Accept `CFLAGS`, `CPPFLAGS`, `RCFLAGS`, `LDFLAGS` and `LIBS` envvars.
1502 - Drop `CURL_CFLAG_EXTRAS`, `CURL_LDFLAG_EXTRAS`, `CURL_RCFLAG_EXTRAS` in
1504 - Do not automatically enable `zlib` with `libssh2`. `zlib` is optional
1506 - Omit unnecessary `CPPFLAGS` options when building `curl.exe` and
1508 - Drop support for deprecated `-winssl` `CFG` option. Use `-schannel`
1510 - Avoid late evaluation where not necessary (`=` -> `:=`).
1511 - Drop support for `CURL_DLL_A_SUFFIX` to override the implib suffix.
1512 Instead, use the standard naming scheme by default: `libcurl.dll.a`.
1513 The toolchain recognizes the name, and selects it automatically when
1514 asking for a `-shared` vs. `-static` build.
1515 - Stop applying `strip` to `libcurl.a`. Follow-up from
1516 16a58e9f93c7e89e1f87720199388bcfcfa148a4. There was no debug info to
1518 - Stop setting `-O3`, `-W`, `-Wall` options. You can add these to
1519 `CFLAGS` as desired.
1520 - Always enable `-DCURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG` with OpenSSL,
1521 to avoid that vulnerability on Windows.
1522 - Add `-lbrotlicommon` to `LIBS` when using `brotli`.
1523 - Do not enable `-nghttp3` without `-ngtcp2`.
1524 - `-ssh2` and `-rtmp` options no longer try to auto-select a TLS-backend.
1525 You need to set the backend explicitly. This scales better and avoids
1526 issues with certain combinations (e.g. `libssh2` + `wolfssl` with no
1528 - Default to OpenSSL TLS-backend with `ngtcp2`. Possible to override via
1530 - Old, alternate method of enabling components (e.g. `SSH2=1`) no longer
1532 - Delete `SPNEGO` references. They were no-ops.
1533 - Drop support for Win9x environments.
1534 - Allow setting `OPENSSL_LIBS` independently from `OPENSSL_LIBPATH`.
1535 - Support autotools/CMake `libssh2` builds by default.
1536 - Respect `CURL_DLL_SUFFIX` in `-dyn` mode when building `curl.exe` and
1538 - Assume standard directory layout with `LIBCARES_PATH`. (Instead of the
1539 long gone embedded one.)
1540 - Stop static linking with c-ares by default. Add
1541 `CPPFLAGS=-DCARES_STATICLIB` to enable it.
1542 - Reorganize internal layout to avoid redundancy and emit clean diffs
1543 between src/lib and example make files.
1544 - Delete unused variables.
1545 - Code cleanups/rework.
1546 - Comment and indentation fixes.
1550 - scripts/release-notes.pl: strip ci skip tag [ci skip]
1552 Ref: https://github.com/curl/curl/commit/e604a82cae922bf86403a94f5803ac5e4303ae97#commitcomment-85637701
1554 Reviewed-by: Daniel Stenberg
1558 - Makefile.m32: delete legacy component bits [ci skip]
1560 - Drop auto-detection of OpenSSL 1.0.2 and earlier. Now always defaulting
1561 to OpenSSL 1.1.0 and later, LibreSSL and BoringSSL.
1563 - Drop `Invalid path to OpenSSL package` detection. OpenSSL has been
1564 using a standard file layout since 1.1.0, so this seems unnecessary
1567 - Drop special logic to enable Novell LDAP SDK support.
1569 - Drop special logic to enable OpenLDAP LDAP SDK support. This seems
1570 to be distinct from native OpenLDAP, with support implemented inside
1571 `lib/ldap.c` (vs. `lib/openldap.c`) back when the latter did not exist
1574 - Add `-lwldap32` only if there is no other LDAP library (either native
1575 OpenLDAP, or SDKs above) present.
1577 - Update `doc/INSTALL.md` accordingly.
1579 After this patch, it's necessary to make configration changes when using
1580 OpenSSL 1.0.2 or earlier, or the two LDAP SDKs.
1582 OpenSSL 1.0.2 and earlier:
1584 export OPENSSL_INCLUDE = <path-to-openssl>/outinc
1585 export OPENSSL_LIBPATH = <path-to-openssl>/out
1586 export OPENSSL_LIBS = -lssl32 -leay32 -lgdi32
1589 Novell LDAP SDK, previously enabled via `USE_LDAP_NOVELL=1`:
1591 export CURL_CFLAG_EXTRAS = -I<path-to-sdk>/inc -DCURL_HAS_NOVELL_LDAPSDK
1592 export CURL_LDFLAG_EXTRAS = -L<path-to-sdk>/lib/mscvc -lldapsdk -lldapssl -lldapx
1595 OpenLDAP LDAP SDK, previously enabled via `USE_LDAP_OPENLDAP=1`:
1597 export CURL_CFLAG_EXTRAS = -I<path-to-sdk>/include -DCURL_HAS_OPENLDAP_LDAPSDK
1598 export CURL_LDFLAG_EXTRAS = -L<path-to-sdk>/lib -lldap -llber
1601 I haven't tested these scenarios, and in general we recommend using
1602 a recent OpenSSL release. Also, WinLDAP (the Windows default) and
1603 OpenLDAP (via `-DUSE_OPENLDAP`) are the LDAP options actively worked on
1608 Daniel Stenberg (2 Oct 2022)
1609 - vauth/ntlm.h: make line shorter than 80 columns
1611 Follow-up from 265fbd937
1613 Viktor Szakats (1 Oct 2022)
1614 - docs: update sourceforge project links [ci skip]
1616 SourceForge projects can now choose between two hostnames, with .io and
1617 .net ending. Both support HTTPS by default now. Opening the other variant
1618 will perm-redirected to the one chosen by the project.
1620 The .io -> .net redirection is done insecurely.
1622 Let's update the URLs to point to the current canonical endpoints to
1623 avoid any redirects.
1627 Daniel Stenberg (1 Oct 2022)
1628 - curl_url_set.3: document CURLU_APPENDQUERY proper
1630 Listed among the other supported flags.
1632 Reported-by: Robby Simpson
1636 Viktor Szakats (1 Oct 2022)
1637 - Makefile.m32: cleanups and fixes [ci skip]
1639 - Add `-lcrypt32` once, and add it always for simplicity.
1640 - Delete broken link and reference to the pre-Vista WinIDN add-on.
1641 MS no longer distribute it.
1642 - Delete related `WINIDN_PATH` option. IDN is a system lib since Vista.
1643 - Sync `LIBCARES_PATH` default with the rest of dependencies.
1644 - Delete version numbers from dependency path defaults.
1645 - `libgsasl` package is now called `gsasl`.
1646 - Delete `libexpat` and `libxml2` references. No longer used by curl.
1647 - Delete `Edit the path below...` comments. We recommend to predefine
1648 those envvars instead.
1649 - `libcares.a` is not an internal dependency anymore. Stop using it as
1651 - `windres` `--include-dir` -> `-I`, `-F` -> `--target=` for readability.
1652 - Delete `STRIP`, `CURL_STRIP`, `AR` references from `src/Makefile.m32`.
1653 They were never used.
1654 - Stop to `clean` some objects twice in `src/Makefile.m32`.
1655 - Delete cvs-specific leftovers.
1656 - Finish resource support in examples make file.
1657 - Delete `-I<root>/lib` from examples make file.
1658 - Fix copyright start year in examples make file.
1659 - Delete duplicate `ftpuploadresume` input in examples make file.
1660 - Sync OpenSSL lib order, `SYNC` support, `PROOT` use, dependency path
1661 defaults, variables names and other internal bits between the three
1663 - `lib/Makefile.m32` accepted custom options via `DLL_LIBS` envvar. This
1664 was lib-specific and possibly accidental. Use `CURL_LDFLAG_EXTRAS_DLL`
1665 envvar for the same effect.
1666 - Fix linking `curl.exe` and examples to wrong static libs with
1667 auto-detected OpenSSL 1.0.2 or earlier.
1668 - Add `-lgdi32` for OpenSSL 1.0.2 and earlier only.
1669 - Add link to Novell LDAP SDK and use a relative default path. Latest
1670 version is from 2016, linked to an outdated OpenSSL 1.0.1.
1671 - Whitespace and comment cleanups.
1673 TODO in a next commit:
1675 Delete built-in detection/logic for OpenSSL 1.0.2 and earlier, the Novell
1676 LDAP SDK and the other LDAP SDK (which is _not_ OpenLDAP). Write up the
1677 necessary custom envvars to configure them.
1681 Daniel Stenberg (30 Sep 2022)
1682 - RELEASE-NOTES: synced
1684 - [Matt Holt brought this change]
1686 HTTP3.md: update Caddy example
1690 - easy: fix the altsvc init for curl_easy_duphandle
1692 It was using the old #ifdef which nothing sets anymore
1696 - GHA: build tests in a separate step from the running of them
1698 ... to make the output smaller for when you want to look at test
1701 Removed the examples build from msh3
1705 Viktor Szakats (29 Sep 2022)
1706 - ldap: delete stray CURL_HAS_MOZILLA_LDAP reference
1708 Added in 68b215157fdf69612edebdb220b3804822277822, while adding openldap
1709 support. This is also the single mention of this constant in the source
1710 tree and also in that commit. Based on these, it seems like an accident.
1712 Delete this reference.
1714 Reviewed-by: Daniel Stenberg
1718 - docs: spelling nits
1720 - MingW -> MinGW (Minimalist GNU for Windows)
1722 - some whitespace and punctuation.
1724 Reviewed-by: Daniel Stenberg
1728 Daniel Stenberg (29 Sep 2022)
1729 - [Philip Heiduck brought this change]
1731 cirrus-ci: add macOS build with m1
1733 Signed-off-by: Philip H <47042125+pheiduck@users.noreply.github.com>
1737 - [Patrick Monnerat brought this change]
1739 lib: sanitize conditional exclusion around MIME
1741 The introduction of CURL_DISABLE_MIME came with some additional bugs:
1742 - Disabled MIME is compiled-in anyway if SMTP and/or IMAP is enabled.
1743 - CURLOPT_MIMEPOST, CURLOPT_MIME_OPTIONS and CURLOPT_HTTPHEADER are
1744 conditioned on HTTP, although also needed for SMTP and IMAP MIME mail
1747 In addition, the CURLOPT_HTTPHEADER and --header documentation does not
1748 mention their use for MIME mail.
1750 This commit fixes the problems above.
1754 - [Thiago Suchorski brought this change]
1756 docs: minor grammar fixes
1760 - CURLSHOPT_UNLOCKFUNC.3: the callback as no 'access' argument
1762 Probably a copy and paste error from the lock function man page.
1764 Reported-by: Robby Simpson
1768 - CURLOPT_ACCEPT_ENCODING.3: remove "four" as they are five
1770 ... instead just list the supported encodings.
1772 Reported-by: ProceduralMan on github
1776 Dan Fandrich (28 Sep 2022)
1777 - tests: Remove a duplicated keyword
1779 - docs: document more server names for test files
1781 Daniel Stenberg (28 Sep 2022)
1782 - altsvc: reject bad port numbers
1784 The existing code tried but did not properly reject alternative services
1785 using negative or too large port numbers.
1787 With this fix, the logic now also flushes the old entries immediately
1788 before adding a new one, making a following header with an illegal entry
1789 not flush the already stored entry.
1791 Report from the ongoing source code audit by Trail of Bits.
1793 Adjusted test 356 to verify.
1797 - functypes: provide the recv and send arg and return types
1799 This header is for providing the argument types for recv() and send()
1800 when built to not use a dedicated config-[platfor].h file.
1802 Remove the slow brute-force checks from configure and cmake.
1804 This change also removes the use of the types for select, as they were
1809 - urlapi: reject more bad characters from the host name field
1811 Extended test 1560 to verify
1813 Report from the ongoing source code audit by Trail of Bits.
1817 - configure: deprecate builds with small curl_off_t
1819 If curl_off_t turns out to be smaller than 8 bytes,
1820 --with-n64-deprecated needs to be used to allow the build to
1821 continue. This is to highlight the fact that support for such builds is
1822 going away next year.
1824 Also mentioned in DEPRECATED.md
1828 - [Patrick Monnerat brought this change]
1830 http, vauth: always provide Curl_allow_auth_to_host() functionality
1832 This function is currently located in the lib/http.c module and is
1833 therefore disabled by the CURL_DISABLE_HTTP conditional token.
1835 As it may be called by TLS backends, disabling HTTP results in an
1836 undefined reference error at link time.
1838 Move this function to vauth/vauth.c to always provide it and rename it
1839 as Curl_auth_allowed_to_host() to respect the vauth module naming
1844 - ngtcp2: fix C89 compliance nit
1846 - openssl: make certinfo available for QUIC
1848 Curl_ossl_certchain() is now an exported function in lib/vtls/openssl.c that
1849 can also be used from quiche.c and ngtcp2.c to get the cert chain for QUIC
1850 connections as well.
1852 The *certchain function was moved to the top of the file for this reason.
1854 Reported-by: Eloy Degen
1858 - RELEASE-NOTES: synced
1860 - DEPRECATE.md: Support for systems without 64 bit data types
1864 - [Patrick Monnerat brought this change]
1866 tests: skip mime/form tests when mime is not built-in
1870 - url: rename function due to name-clash in Watt-32
1872 Follow-up to 2481dbe5f4f58 and applies the change the way it was
1875 Viktor Szakats (26 Sep 2022)
1876 - windows: adjust name of two internal public functions
1878 According to `docs/INTERNALS.md`, internal function names spanning source
1879 files start with uppercase `Curl_`. Bring these two functions in
1880 alignment with this.
1882 This also stops exporting them from `libcurl.dll` in autotools builds.
1884 Reviewed-by: Daniel Stenberg
1888 Daniel Stenberg (26 Sep 2022)
1889 - [Gisle Vanem brought this change]
1891 url: rename function due to name-clash in Watt-32
1893 Since the commit 764c958c52edb427f39, there was a new function called
1894 resolve_ip(). This clashes with an internal function in Watt-32.
1898 Jay Satiro (26 Sep 2022)
1899 - schannel: ban server ALPN change during recv renegotiation
1901 By the time schannel_recv is renegotiating the connection, libcurl has
1902 already decided on a protocol and it is too late for the server to
1903 select a protocol via ALPN except for the originally selected protocol.
1905 Ref: https://github.com/curl/curl/issues/9451
1907 Closes https://github.com/curl/curl/pull/9463
1909 Daniel Stenberg (26 Sep 2022)
1910 - url: a zero-length userinfo part in the URL is still a (blank) user
1912 Adjusted test 1560 to verify
1914 Reported-by: Jay Satiro
1919 Viktor Szakats (25 Sep 2022)
1920 - autotools: allow --enable-symbol-hiding with windows
1922 This local autotools logic was put in place in
1923 9e24b9c7afbcb81120af4cf3f6cdee49a06d8224 (in 2012) which disabled it for
1924 Windows unconditionally. Testing reveals that it actually works with
1925 tested toolchains (mingw-w64 and CI ones), so let's allow this build
1926 feature on that platform. Bringing this in sync with CMake, which already
1929 Reviewed-by: Jay Satiro
1933 - autotools: reduce brute-force when detecting recv/send arg list
1935 autotools uses brute-force to detect `recv`/`send`/`select` argument
1936 lists, by interating through _all_ argument type combinations on each
1937 `./configure` run. This logic exists since
1938 01fa02d0b545e1433dced2430561f8c0c72b74a9 (from 2006) and was a bit later
1939 extended with Windows support.
1941 This results in a worst-case number of compile + link cycles as below:
1945 Total: 348 (the number of curl C source files is 195, for comparison)
1947 Notice that e.g. curl-for-win autotools builds require two `./configure`
1948 invocations, doubling these numbers.
1950 `recv` on Windows was especially unlucky because `SOCKET` (the correct
1951 choice there) was listed _last_ in one of the outer trial loops. This
1952 resulted in lengthy waits while autotools was trying all invalid
1953 combinations first, wasting cycles, disk writes and slowing down
1956 This patch reduces the amount of idle work by reordering the tests in
1957 a way to succeed first on a well-known platform such as Windows, and
1958 also on non-Windows by testing for POSIX prototypes first, on the
1959 assumption that these are the most likely candidates these days. (We do
1960 not touch `select`, where the order was already optimal for these
1963 For non-Windows, this means to try a return value of `ssize_t` first,
1964 then `int`, reordering the buffer argument type to try `void *` first,
1965 then `byte *`, and prefer the `const` flavor with `send`. If we are
1966 here, also stop testing for `SOCKET` type in non-Windows builds.
1968 After the patch, detection on Windows is instantaneous. It should also be
1969 faster on popular platforms such as Linux and BSD-based ones.
1971 If there are known-good variations for other platforms, they can also be
1972 fast-tracked like above, given a way to check for that platform inside
1973 the autotools logic.
1975 Reviewed-by: Daniel Stenberg
1979 Daniel Stenberg (23 Sep 2022)
1980 - TODO: Provide the error body from a CONNECT response
1982 Spellchecked-by: Jay Satiro
1987 Viktor Szakats (23 Sep 2022)
1988 - windows: autotools .rc warnings fixup
1990 Move `LT_LANG([Windows Resource])` after `XC_LIBTOOL`, fixing:
1992 - Warnings when running `autoreconf -fi`.
1994 - Warning when compiling .rc files:
1995 libtool: compile: unable to infer tagged configuration
1996 libtool: error: specify a tag with '--tag'
1998 Follow up to 6de7322c03d5b4d91576a7d9fc893e03cc9d1057
1999 Ref: https://github.com/curl/curl/pull/9521#issuecomment-1256291156
2001 Suggested-by: Patrick Monnerat
2004 Daniel Stenberg (23 Sep 2022)
2005 - [Randall S. Becker brought this change]
2007 curl_setup: disable use of FLOSS for 64-bit NonStop builds
2009 Older 32-bit builds currently need FLOSS. This dependency may be removed
2010 in future OS releases.
2012 Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>
2016 - [Patrick Monnerat brought this change]
2018 tool: remove dead code
2020 Add a debug assertion to verify protocols included/excluded in a set
2021 are always tokenized.
2023 Follow-up to commit 677266c.
2027 - [Patrick Monnerat brought this change]
2029 lib: prepare the incoming of additional protocols
2031 Move the curl_prot_t to its own conditional block. Introduce symbol
2032 PROTO_TYPE_SMALL to control it.
2034 Fix a cast in a curl_prot_t assignment.
2035 Remove an outdated comment.
2037 Follow-up to cd5ca80.
2041 - msh3: change the static_assert to make the code C89
2043 - bearssl: make it proper C89 compliant
2045 - curl-compilers.m4: for gcc + want warnings, set gnu89 standard
2047 To better verify that the code is C89
2051 - [Patrick Monnerat brought this change]
2053 lib517: fix C89 constant signedness
2055 In C89, positive integer literals that overflow an int but not an
2056 unsigned int may be understood as a negative int.
2058 lib517.c:129:3: warning: this decimal constant is unsigned only in ISO C90
2059 {"Sun, 06 Nov 2044 08:49:37 GMT", 2362034977 },
2064 - mprintf: use snprintf if available
2066 This is the single place in libcurl code where it uses the "native"
2067 s(n)printf() function. Used for writing floats. The use has been
2068 reviewed and vetted and uses a HUGE target buffer, but switching to
2069 snprintf() still makes this safer and removes build-time warnings.
2071 Reported-by: Philip Heiduck
2076 - docs: tag curl options better in man pages
2078 As it makes them links in the HTML versions.
2080 Verified by the extended test 1176
2082 - symbols-in-versions: CURLOPT_ENCODING is deprecated since 7.21.6
2084 - manpage-syntax.pl: all libcurl option symbols should be \fI-tagged
2086 ... as that makes them links to their corresponding man page.
2088 This script is used for test 1173.
2092 - RELEASE-NOTES: synced
2094 - [Patrick Monnerat brought this change]
2096 tool: remove protocol count limitation
2098 Replace bit mask protocol sets by null-terminated arrays of protocol
2099 tokens. These are the addresses of the protocol names returned by
2100 curl_version_info().
2102 Protocol names are sorted case-insensitively before output to satisfy CI
2103 tests matches consistency.
2105 The protocol list returned by curl_version_info() is augmented with all
2106 RTMP protocol variants.
2108 Test 1401 adjusted for new alpha ordered output.
2112 - test972: verify the output without using external tool
2114 It seems too restrictive to assume and use an external tool to verify
2115 the JSON. This now verifies the outut byte per byte. We could consider
2116 building a local "JSON verifyer" in a future.
2118 Remove 'jsonlint' from the CI job.
2120 Reported-by: Marcel Raad
2124 - hostip: lazily wait to figure out if IPv6 works until needed
2126 The check may take many milliseconds, so now it is performed once the
2127 value is first needed. Also, this change makes sure that the value is
2128 not used if the resolve is set to be IPv4-only.
2132 - curl.h: fix mention of wrong error code in comment
2134 The same error and comment were also used and is now corrected in
2135 CURLOPT_SSH_KEYFUNCTION.3
2137 - symbol-scan.pl: scan and verify .3 man pages
2139 This script now also finds all .3 man pages in docs/include and
2140 docs/include/opts, extracts all uses of CURL* symbols and verifies that all
2141 symbols mentioned in docs are defined in public headers.
2143 A "global symbol" is one of those matching a known prefix and the script makes
2144 an attempt to check all/most of them. Just using *all* symbols that match
2145 CURL* proved matching a little too many other references as well and turned
2146 difficult turning into something useful.
2150 - symbols-in-versions: add missing LIBCURL* symbols
2152 - symbol-scan.pl: also check for LIBCURL* symbols
2156 - docs/libcurl/symbols-in-versions: add several missing symbols
2158 - test1119: scan all public headers
2160 Previously this test only scanned a subset of the headers, which made us
2161 accidentally miss symbols that were provided in the others. Now, the script
2162 iterates over all headers present in include/curl.
2166 - [Patrick Monnerat brought this change]
2168 examples/chkspeed: improve portability
2170 The example program chkspeed uses strncasecmp() which is not portable
2171 across systems. Replace calls to this function by tests on characters.
2175 - easy: fix the #include order
2177 The mentioned "last 3 includes" order should be respected. easy_lock.h should
2178 be included before those three.
2180 Reported-by: Yuriy Chernyshov
2186 Pointed by the new CI job
2190 This spellchecker checks markdown files. For this reason this job
2191 converts all man pages in the repository to markdown with pandoc before
2194 The perl script 'cleanspell' filters out details from the man page in
2195 the process, to avoid the spellchecker trying to spellcheck things it
2196 can't. Like curl specific symbols and the SYNOPSIS and EXAMPLE sections
2197 of libcurl man pages.
2199 The spell checker does not check words in sections that are within pre,
2202 'spellcheck.words' is a custom word list with additional accepted words.
2206 - connect: fix the wrong error message on connect failures
2208 The "Failed to connect to" message after a connection failure would
2209 include the strerror message based on the presumed previous socket
2210 error, but in times it seems that error number is not set when reaching
2211 this code and therefore it would include the wrong error message.
2213 The strerror message is now removed from here and the curl_easy_strerror
2214 error is used instead.
2216 Reported-by: Edoardo Lolletti
2220 - httpput-postfields.c: shorten string for C89 compliance
2222 httpput-postfields.c:41:3: error: string length ā522ā is greater than the length ā509ā ISO C90 compilers are required to support [-Woverlength-strings]
2223 41 | "this chapter.";
2228 - ws: fix a C89 compliance nit
2232 - [Patrick Monnerat brought this change]
2234 unit test 1655: make it C89-compliant
2236 Initializations performed in unit test 1655 use automatic variables in
2237 aggregates and thus can only be computed at run-time. Using gcc in C89
2238 dialect mode produces warning messages like:
2240 unit1655.c:96:7: warning: initializer element is not computable at load time [-Wpedantic]
2241 96 | { toolong, DOH_DNS_NAME_TOO_LONG }, /* expect early failure */
2244 Fix the problem by converting these automatic pointer variables to
2249 - [Tobias Schaefer brought this change]
2251 curl_strequal.3: fix typo
2255 - [Dmitry Karpov brought this change]
2257 resolve: make forced IPv4 resolve only use A queries
2259 This protects IPv4-only transfers from undesired bad IPv6-related side
2260 effects and make IPv4 transfers in dual-stack libcurl behave the same
2261 way as in IPv4 single-stack libcurl.
2265 - RELEASE-NOTES: synced
2267 - winbuild/MakefileBuild.vc: handle spaces in libssh(2) include paths
2269 Patched-by: Mark Itzcovitz
2270 Bug: https://curl.se/mail/lib-2022-09/0038.html
2274 - TODO: Reduce CA certificate bundle reparsing
2276 By adding some sort of cache.
2278 Reported-by: Michael Drake
2282 Marc Hoersken (19 Sep 2022)
2283 - CI/GHA: cancel outdated CI runs on new PR changes
2285 Avoid letting outdated CI runs continue if a PR receives
2286 new changes. Outside a PR we let them continue running
2287 by tying the concurrency to the commit hash instead.
2289 Also only let one CodeQL or Hacktoberfest job run at a time.
2291 Other CI platforms we use have this build in, but GitHub
2292 unfortunately neither by default nor with a simple option.
2294 This saves CI resources and therefore a little energy.
2296 Approved-by: Daniel Stenberg
2297 Approved-by: Max Dymond
2300 Daniel Stenberg (19 Sep 2022)
2301 - docs: fix proselint complaints
2303 - GHA: run proselint on markdown files
2305 Co-authored-by: Marc Hƶrsken
2309 - lib: the number four in a sequence is the "fourth"
2315 - [John Bampton brought this change]
2317 misc: fix spelling in two source files
2321 Viktor Szakats (18 Sep 2022)
2322 - windows: add .rc support to autotools builds
2324 After this update autotools builds will compile and link `.rc` resources
2325 to Windows executables. Bringing this feature on par with CMake and
2326 Makefile.m32 builds. And also making it unnecessary to improvise these
2327 steps manually, while monkey patching build files, e.g. [0].
2329 You can customize the resource compiler via the `RC` envvar, and its
2330 options via `RCFLAGS`.
2332 This harmless warning may appear throughout the build, even though the
2333 autotools manual documents [1] `RC` as a valid tag, and it fails when
2335 `libtool: error: ignoring unknown tag RC`
2337 [0] https://github.com/curl/curl-for-win/blob/535f19060d4b708f72e75dd849409ce50baa1b84/curl-autotools.sh#L376-L382
2338 [1] https://www.gnu.org/software/libtool/manual/html_node/Tags.html
2342 Marc Hoersken (18 Sep 2022)
2343 - CI/linkcheck: only run if a Markdown file is changed
2345 This saves CI resources and therefore a little energy.
2347 Reviewed-by: Max Dymond
2350 - README.md: add GHA status badges for Linux and macOS builds
2352 This makes sense now that Linux builds are being consolidated.
2354 Approved-by: Daniel Stenberg
2359 Daniel Stenberg (17 Sep 2022)
2360 - misc: null-terminate
2362 Make use of this term consistently.
2366 Marc Hoersken (17 Sep 2022)
2367 - CI/GHA: merge intel CC and more TLS libs into linux workflow
2369 Continue work on merging all Linux workflows into one file.
2371 Reviewed-by: Max Dymond
2375 Daniel Stenberg (17 Sep 2022)
2376 - [Patrick Monnerat brought this change]
2378 lib1597: make it C89-compliant again
2380 Automatic variable addresses cannot be used in an initialisation
2383 Follow-up to 9d51329
2385 Reported-by: Daniel Stenberg
2389 - tool_libinfo: silence "different 'const' qualifiers" in qsort()
2391 MSVC 15.0.30729.1 warned about it
2393 Follow-up to dd2a024323dcc
2397 - [Patrick Monnerat brought this change]
2399 docs: tell about disabled protocols in CURLOPT_*PROTOCOLS_STR.
2401 Disabled protocols are now handled as if they were unknown.
2402 Also update the possible protocol list.
2404 - [Patrick Monnerat brought this change]
2406 cli tool: do not use disabled protocols
2408 As they are now rejected by the library, take care of not passing
2409 disabled protocol names to CURLOPT_PROTOCOLS_STR and
2410 CURLOPT_REDIR_PROTOCOLS_STR.
2412 Rather than using the CURLPROTO_* constants, dynamically assign protocol
2413 numbers based on the order they are listed by curl_version_info().
2415 New type proto_set_t implements prototype bit masks: it should therefore
2416 be large enough to accomodate all library-enabled protocols. If not,
2417 protocol numbers beyond the bit count of proto_set_t are recognized but
2418 "inaccessible": when used, a warning is displayed and the value is
2419 ignored. Should proto_set_t overflows, enabled protocols are reordered to
2420 force those having a public CURLPROTO_* representation to be accessible.
2422 Code has been added to subordinate RTMP?* protocols to the presence of
2423 RTMP in the enabled protocol list, being returned by curl_version_info()
2426 - [Patrick Monnerat brought this change]
2428 setopt: use the handler table for protocol name to number conversions
2430 This also returns error CURLE_UNSUPPORTED_PROTOCOL rather than
2431 CURLE_BAD_FUNCTION_ARGUMENT when a listed protocol name is not found.
2433 A new schemelen parameter is added to Curl_builtin_scheme() to support
2436 Note that disabled protocols are not recognized anymore.
2438 Tests adapted accordingly.
2442 - altsvc: use 'h3' for h3
2444 Since the official and real version has been out for a while now and servers
2445 are deployed out there using it, there is no point in sticking to h3-29.
2447 Reported-by: ć¦ćć
2451 Jay Satiro (16 Sep 2022)
2452 - [chemodax brought this change]
2454 winbuild: Use NMake batch-rules for compilation
2456 - Invoke cl compiler once for each group of .c files.
2458 This is significantly improves compilation time. For example in my
2459 environment: 40 s --> 20 s.
2461 Prior to this change cl was invoked per .c file.
2463 Closes https://github.com/curl/curl/pull/9512
2465 Daniel Stenberg (16 Sep 2022)
2466 - ws: the infof() flags should be %zu
2468 Follow-up to e5e9e0c5e49ae0
2472 - curl: warn for --ssl use, considered insecure
2476 - [Sergey Bronnikov brought this change]
2478 curl_escape.3: fix typo
2484 - mailmap: merge Philip Heiduck's two addresses into one
2486 - test1948: verify PUT + POST reusing the same handle
2488 Reproduced #9507, verifies the fix
2490 - setopt: when POST is set, reset the 'upload' field
2492 Reported-by: RobBotic1 on github
2496 Marc Hoersken (15 Sep 2022)
2497 - github: initial CODEOWNERS setup for CI configuration
2499 Reviewed-by: Daniel Stenberg
2500 Reviewed-by: Marcel Raad
2501 Reviewed-by: Max Dymond
2507 - [Philip Heiduck brought this change]
2509 CI: optimize some more dependencies install
2511 Signed-off-by: Philip Heiduck <pheiduck@Philips-MBP.lan>
2515 - CI/GHA: merge event-based and NSS into new linux workflow
2517 Continue work on merging all Linux workflows into one file.
2522 Daniel Stenberg (15 Sep 2022)
2523 - include/curl/websockets.h: add extern "C" for C++
2525 Reported-by: n0name321 on github
2529 - lib1560: extended to verify detect/reject of unknown schemes
2531 ... when no guessing is allowed.
2533 - urlapi: detect scheme better when not guessing
2535 When the parser is not allowed to guess scheme, it should consider the
2536 word ending at the first colon to be the scheme, independently of number
2539 The parser now checks that the scheme is known before it counts slashes,
2540 to improve the error messge for URLs with unknown schemes and maybe no
2543 When following redirects, no scheme guessing is allowed and therefore
2544 this change effectively prevents redirects to unknown schemes such as
2549 - strerror: improve two URL API error messages
2551 Marc Hoersken (14 Sep 2022)
2552 - CI/GHA: merge bearssl and hyper into initial linux workflow
2554 Begin work on merging all Linux workflows into one file.
2558 Daniel Stenberg (14 Sep 2022)
2559 - RELEASE-NOTES: synced
2561 - cmake: define BUILDING_LIBCURL in lib/CMakeLists, not config.h
2563 Since the config file might also get included by the tool code at times.
2564 This syncs with how other builds do it.
2568 - tool_hugehelp: make hugehelp a blank macro when disabled
2572 - getparameter: return PARAM_MANUAL_REQUESTED for -M even when disabled
2574 ... to improve the output in this situation. Now it doesn't say "option
2579 - setopt: fix compiler warning
2581 Follow-up to cd5ca80f00d2
2585 - [Philip Heiduck brought this change]
2587 CI: skip make, do make install at once for dependencies
2589 Signed-off-by: Philip Heiduck <pheiduck@Philips-MBP.lan>
2593 - formdata: typecast the va_arg return value
2595 To avoid "enumerated type mixed with another type" warnings
2597 Follow-up from 0f52dd5fd5aa3592691a
2601 - RELEASE-PROCEDURE.md: mention patch releases
2603 - When to make them and how to argue for them
2604 - Refreshed the release date list
2608 - urldata: use a curl_prot_t type for storing protocol bits
2610 This internal-use-only storage type can be bumped to a curl_off_t once
2611 we need to use bit 32 as the previous 'unsigned int' can no longer hold
2614 The websocket protocols take bit 30 and 31 so they are the last ones
2615 that fit within 32 bits - but cannot properly be exported through APIs
2616 since those use *signed* 32 bit types (long) in places.
2620 - [zhanghu on xiaomi brought this change]
2622 formdata: fix warning: 'CURLformoption' is promoted to 'int'
2624 curl/lib/formdata.c: In function 'FormAdd':
2625 curl/lib/formdata.c:249:31: warning: 'CURLformoption' is promoted to 'int' when passed through '...'
2626 249 | option = va_arg(params, CURLformoption);
2628 curl/lib/formdata.c:249:31: note: (so you should pass 'int' not 'CURLformoption' to 'va_arg')
2629 curl/lib/formdata.c:249:31: note: if this code is reached, the program will abort
2633 - CURLOPT_CONNECT_ONLY.3: for ws(s) as well
2635 and correct the version number for when that support comes. Even if it
2636 is still experimental for WebSocket.
2640 - tool_operate: avoid a few #ifdefs for disabled-libcurl builds
2642 By providing empty macros in the header file instead, the code gets
2643 easier to read and yet is disabled on demand.
2647 - [a1346054 on github brought this change]
2649 scripts: use `grep -E` instead of `egrep`
2655 - [Hayden Roche brought this change]
2657 wolfSSL: fix session management bug.
2659 Prior to this commit, non-persistent pointers were being used to store
2660 sessions. When a WOLFSSL object was then freed, that freed the session
2661 it owned, and thus invalidated the pointer held in curl's cache. This
2662 commit makes it so we get a persistent (deep copied) session pointer
2663 that we then add to the cache. Accordingly, wolfssl_session_free, which
2664 was previously a no-op, now needs to actually call SSL_SESSION_free.
2666 This bug was discovered by a wolfSSL customer.
2670 - docs: use "WebSocket" in singular
2672 This is how the RFC calls the protocol. Also rename the file in docs/ to
2673 WEBSOCKET.md in uppercase to match how we have done it for many other
2674 protocol docs in similar fashion.
2676 Add the WebSocket docs to the tarball.
2680 Marcel Raad (12 Sep 2022)
2681 - ws: fix build without `USE_WEBSOCKETS`
2683 The curl.h include is required unconditionally.
2685 - ws: add missing curl.h include
2687 A conflict between commits 664249d0952 and e5839f4ee70 broke the build.
2689 Daniel Stenberg (12 Sep 2022)
2690 - ws: fix an infof() call to use %uz for size_t output
2692 Detected by Coverity, CID 1514665.
2696 Marcel Raad (12 Sep 2022)
2697 - curl_setup: include only system.h instead of curl.h
2699 As done before commit 9506d01ee50.
2701 Ref: https://github.com/curl/curl/pull/9375#discussion_r957010158
2702 Closes https://github.com/curl/curl/pull/9453
2704 - lib: add missing limits.h includes
2706 Closes https://github.com/curl/curl/pull/9453
2708 - lib and tests: add missing curl.h includes
2710 Closes https://github.com/curl/curl/pull/9453
2712 - curl_setup: include curl.h after platform setup headers
2714 The platform setup headers might set definitions required for the
2717 Ref: https://github.com/curl/curl/pull/9375#discussion_r956998269
2718 Closes https://github.com/curl/curl/pull/9453
2720 Daniel Stenberg (12 Sep 2022)
2721 - [Benjamin Loison brought this change]
2723 docs: correct missing uppercase in Markdown files
2725 To detect these typos I used:
2728 clear && grep -rn '\. [a-z]' . | uniq | grep -v '\. lib' | grep -v '[0-9]\. [a-z]' | grep -v '\.\. [a-z]' | grep -v '\. curl' | grep -v 'e.g. [a-z]' | grep -v 'eg. [a-z]' | grep -v '\etc. [a-z]' | grep -v 'i.e\. [a-z]' | grep --color=always '\. [a-z]' | grep '\.md'
2733 - tool_setopt: use better English in --libcurl source comments
2737 XYZ was set to an object pointer
2738 ABC was set to a function pointer
2742 - setopt: make protocol2num use a curl_off_t for the protocol bit
2744 ... since WSS does not fit within 32 bit.
2746 Bug: https://github.com/curl/curl/pull/9467#issuecomment-1243014887
2749 - RELEASE-NOTES: synced
2751 - configure: polish the grep -E message a bit further
2753 Suggested-by: Emanuele Torre
2756 - GHA: add a gcc-11 -O3 build using OpenSSL
2758 Since -O3 might trigger other warnings
2762 - [Patrick Monnerat brought this change]
2764 content_encoding: use writer struct subclasses for different encodings
2766 The variable-sized encoding-specific storage of a struct contenc_writer
2767 currently relies on void * alignment that may be insufficient with
2768 regards to the specific storage fields, although having not caused any
2771 In addition, gcc 11.3 issues a warning on access to fields of partially
2772 allocated structures that can occur when the specific storage size is 0:
2774 content_encoding.c: In function āCurl_build_unencoding_stackā:
2775 content_encoding.c:980:21: warning: array subscript āstruct contenc_writer[0]ā is partly outside array bounds of āunsigned char[16]ā [-Warray-bounds]
2776 980 | writer->handler = handler;
2777 | ~~~~~~~~~~~~~~~~^~~~~~~~~
2778 In file included from content_encoding.c:49:
2779 memdebug.h:115:29: note: referencing an object of size 16 allocated by ācurl_dbg_callocā
2780 115 | #define calloc(nbelem,size) curl_dbg_calloc(nbelem, size, __LINE__, __FILE__)
2781 | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2782 content_encoding.c:977:60: note: in expansion of macro ācallocā
2783 977 | struct contenc_writer *writer = (struct contenc_writer *)calloc(1, sz);
2785 To solve both these problems, the current commit replaces the
2786 contenc_writer/params structure pairs by "subclasses" of struct
2787 contenc_writer. These are structures that contain a contenc_writer at
2788 offset 0. Proper field alignment is therefore handled by the compiler and
2789 full structure allocation is performed, silencing the warnings.
2793 - configure: correct the wording when checking grep -E
2795 The check first checks that grep -E works, and only as a fallback tries
2796 to find and use egrep. egrep is deprecated.
2798 This change only corrects the output wording, not the checks themselves.
2802 Viktor Szakats (10 Sep 2022)
2803 - websockets: sync prototypes in docs with implementation [ci skip]
2805 Docs for the new send/recv functions synced with the committed versions
2810 Daniel Stenberg (10 Sep 2022)
2811 - setopt: make protocols2num() work with websockets
2813 So that CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR can
2814 specify those as well.
2816 Reported-by: Patrick Monnerat
2817 Bug: https://curl.se/mail/lib-2022-09/0016.html
2820 - curl/websockets.h: remove leftover bad typedef
2822 Just a leftover trace of a development thing that did not stay like
2825 Reported-by: Marc Hƶrsken
2829 Marcel Raad (10 Sep 2022)
2830 - [Orgad Shaneh brought this change]
2832 fix Cygwin/MSYS compilation
2834 _getpid is Windows API. On Cygwin variants it should remain getpid.
2839 Marc Hoersken (10 Sep 2022)
2840 - GHA: prepare workflow merge by aligning structure again
2844 Daniel Stenberg (9 Sep 2022)
2845 - docs: the websockets symbols are added in 7.86.0
2851 - tests/libtest/Makefile.inc: fixup merge conflict mistake
2853 - EXPERIMENTAL.md: add WebSockets
2855 - appveyor: enable websockets
2857 - cirrus: enable websockets in the windows builds
2859 - GHA: add websockets to macos, openssl3 and hyper builds
2861 - tests: add websockets tests
2863 - add websockets support to sws
2864 - 2300: first very basic websockets test
2865 - 2301: first libcurl test for ws (not working yet)
2866 - 2302: use the ws callback
2867 - 2303: test refused upgrade
2869 - curl_ws_meta: initial implementation
2871 - curl_ws_meta.3: added docs
2873 - ws: initial websockets support
2877 - version: add ws + wss
2879 - libtest/lib1560: test basic websocket URL parsing
2881 - configure: add --enable-websockets
2883 - docs/WebSockets.md: docs
2885 - test415: verify Content-Length parser with control code + negative value
2887 - strtoofft: after space, there cannot be a control code
2889 With the change from ISSPACE() to ISBLANK() this function no longer
2890 deals with (ignores) control codes the same way, which could lead to
2891 this function returning unexpected values like in the case of
2892 "Content-Length: \r-12354".
2894 Follow-up to 6f9fb7ec2d7cb389a0da5
2896 Detected by OSS-fuzz
2897 Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51140
2898 Assisted-by: Max Dymond
2901 - headers: reset the requests counter at transfer start
2903 If not, reusing an easy handle to do a subsequent transfer would
2904 continue the counter from the previous invoke, which then would make use
2905 of the header API difficult/impossible as the request counter
2908 Add libtest 1947 to verify.
2910 Reported-by: Andrew Lambert
2914 Jay Satiro (8 Sep 2022)
2915 - header: define public API functions as extern c
2917 Prior to this change linker errors would occur if curl_easy_header or
2918 curl_easy_nextheader was called from a C++ unit.
2920 Bug: https://github.com/curl/curl/issues/9424#issuecomment-1238818007
2921 Reported-by: Andrew Lambert
2923 Closes https://github.com/curl/curl/pull/9446
2925 Daniel Stenberg (8 Sep 2022)
2926 - http2: make nghttp2 less picky about field whitespace
2928 In nghttp2 1.49.0 it returns error on leading and trailing whitespace in
2929 header fields according to language in the recently shipped RFC 9113.
2931 nghttp2 1.50.0 introduces an option to switch off this strict check and
2932 this change enables this option by default which should make curl behave
2933 more similar to how it did with nghttp2 1.48.0 and earlier.
2935 We might want to consider making this an option in the future.
2939 - RELEASE-NOTES: synced
2941 And bump to 7.86.0 for the pending next release
2943 - [Michael Heimpold brought this change]
2945 ftp: ignore a 550 response to MDTM
2947 The 550 is overused as a return code for multiple error case, e.g.
2948 file not found and/or insufficient permissions to access the file.
2950 So we cannot fail hard in this case.
2952 Adjust test 511 since we now fail later.
2953 Add new test 3027 which check that when MDTM failed, but the file could
2954 actually be retrieved, that in this case no filetime is provided.
2956 Reported-by: Michael Heimpold
2960 - urlapi: leaner with fewer allocs
2962 Slightly faster with more robust code. Uses fewer and smaller mallocs.
2964 - remove two fields from the URL handle struct
2965 - reduce copies and allocs
2966 - use dynbuf buffers more instead of custom malloc + copies
2967 - uses dynbuf to build the host name in reduces serial alloc+free within
2969 - move dedotdotify into urlapi.c and make it static, not strdup the input
2970 and optimize it by checking for . and / before using strncmp
2971 - remove a few strlen() calls
2972 - add Curl_dyn_setlen() that can "trim" an existing dynbuf
2976 Jay Satiro (7 Sep 2022)
2977 - setup-win32: no longer define UNICODE/_UNICODE implicitly
2979 - If UNICODE or _UNICODE is defined but the other isn't then error
2980 instead of implicitly defining it.
2982 As Marcel pointed out it is too late at this point to make such a define
2983 because Windows headers may already be included, so likely it never
2984 worked. We never noticed because build systems that can make Windows
2985 Unicode builds always define both. If one is defined but not the other
2986 then something went wrong during the build configuration.
2988 Bug: https://github.com/curl/curl/pull/9375#discussion_r956545272
2989 Reported-by: Marcel Raad
2991 Closes https://github.com/curl/curl/pull/9384
2993 Dan Fandrich (6 Sep 2022)
2994 - tests: fix tag syntax errors in test files
2996 Marc Hoersken (6 Sep 2022)
2997 - lib: add required Win32 setup definitions in setup-win32.h
2999 Assisted-by: Jay Satiro
3000 Reviewed-by: Marcel Raad
3005 Daniel Stenberg (6 Sep 2022)
3006 - pingpong: extend the response reading error with errno
3008 To help diagnosing the cause of the problem.
3013 - curl-compilers.m4: use -O2 as default optimize for clang
3019 - tool_operate: fix msnprintfing the error message
3021 Follow-up to 7be53774c41c59b47075fba
3023 Coverity CID 1513717 pointed out that we cannot use sizeof() on the
3024 error buffer anymore.
3028 - [Emanuele Torre brought this change]
3030 curl_ctype: add space around <= operator in ISSPACE macro
3032 Follow-up to f65f750
3036 - CURLOPT_PROXY_SSLCERT_BLOB.3: this is for HTTPS proxies
3038 The 'protocols' listed were previously wrong.
3040 Reported-by: ProceduralMan on github
3044 - curl_ctype: convert to macros-only
3046 This no longer provide functions, only macros. Runs faster and produces
3049 The biggest precaution this change brings:
3051 DO NOT use post/pre-increments when passing arguments to the macros.
3055 - misc: ISSPACE() => ISBLANK()
3057 Instances of ISSPACE() use that should rather use ISBLANK(). I think
3058 somewhat carelessly used because it sounds as if it checks for space or
3059 whitespace, but also includes %0a to %0d.
3061 For parsing purposes, we should only accept what we must and not be
3062 overly liberal. It leads to surprises and surprises lead to bad things.
3066 - ctype: remove all use of <ctype.h>, use our own versions
3068 Except in the test servers.
3072 Marc Hoersken (5 Sep 2022)
3073 - cmake: skip superfluous hex2dec conversion using math expr
3075 CMake seems to be able to compare two hex values just fine.
3076 Also make sure CURL_TARGET_WINDOWS_VERSION is respected.
3078 Assisted-by: Marcel Raad
3079 Reviewed-by: Viktor Szakats
3080 Reported-by: Keitagit-kun on github
3086 Daniel Stenberg (5 Sep 2022)
3087 - curl_easy_pause.3: unpausing is as fast as possible
3089 Reported-by: ssdbest on github
3093 - CURLOPT_DNS_INTERFACE.3: mention it works for almost all protocols
3097 Reported-by: ProceduralMan on github
3101 - NPN: remove support for and use of
3103 Next Protocol Negotiation is a TLS extension that was created and used
3104 for agreeing to use the SPDY protocol (the precursor to HTTP/2) for
3105 HTTPS. In the early days of HTTP/2, before the spec was finalized and
3106 shipped, the protocol could be enabled using this extension with some
3109 curl supports the NPN extension with some TLS backends since then, with
3110 a command line option `--npn` and in libcurl with
3111 `CURLOPT_SSL_ENABLE_NPN`.
3113 HTTP/2 proper is made to use the ALPN (Application-Layer Protocol
3114 Negotiation) extension and the NPN extension has no purposes
3115 anymore. The HTTP/2 spec was published in May 2015.
3117 Today, use of NPN in the wild should be extremely rare and most likely
3118 totally extinct. Chrome removed NPN support in Chrome 51, shipped in
3119 June 2016. Removed in Firefox 53, April 2017.
3123 - RELEASE-NOTES: synced
3125 and bump the tentative next release version to 7.85.1
3127 - [Samuel Henrique brought this change]
3129 configure: fail if '--without-ssl' + explicit parameter for an ssl lib
3131 A side effect of a previous change to configure (576e507c78bdd2ec88)
3132 exposed a non-critical issue that can happen if configure is called with
3133 both '--without-ssl' and some parameter setting the use of a ssl library
3134 (e.g. --with-gnutls). The configure script would end up assuming this is
3135 a MultiSSL build, due to the way the case statement is written.
3137 I have changed the order of the variables in the string concatenation
3138 for the case statement and also tweaked the options so that
3139 --without-ssl never turns the build into a MultiSSL one and also clearly
3140 stating that there are conflicting parameters if the user sets it like
3145 - tests/certs/scripts: insert standard curl source headers
3147 ... including the SPDX-License-Identifier.
3149 These omissions were not detected by the RUEUSE CI job nor the copyright.pl
3150 scanners because we have a general wildcard in .reuse/dep5 for
3153 Reported-by: Samuel Henrique
3157 - [Samuel Henrique brought this change]
3159 docs: remove mentions of deprecated '--without-openssl' config parameter
3163 - [Samuel Henrique brought this change]
3165 manpages: Fix spelling of "allows to" -> "allows one to"
3168 https://salsa.debian.org/lintian/lintian/-/blob/master/tags/t/typo-in-manual-page.tag
3169 https://english.stackexchange.com/questions/60271/grammatical-complements-for-allow/60285#60285
3173 - [Samuel Henrique brought this change]
3175 CURLOPT_WILDCARDMATCH.3: Fix backslash escaping under single quotes
3177 Lintian (on Debian) has been complaining about this for a while but
3178 I didn't bother initially as the groff parser that we use is not
3181 But I have now noticed that the online manpage is affected by it:
3182 https://curl.se/libcurl/c/CURLOPT_WILDCARDMATCH.html
3184 (I'm using double quotes for quoting-only down below)
3186 The section that should be parsed as "'\'" ends up being parsed as
3189 This is due to roffit not parsing "'\\'" correctly, which is fine
3190 as the "correct" way of writing "'\'" is "'\e'" instead.
3192 Note that this fix is not enough to fix the online manpage at
3193 curl's website, as roffit seems to parse it wrongly either way.
3195 My intent is to at least fix the manpage so that roffit can
3196 be changed to parse "'\e'" correctly (although I suggest making
3197 roffit parse both ways correctly, since that's what groff does).
3200 https://bugs.debian.org/966803
3201 https://salsa.debian.org/lintian/lintian/-/blob/930b18e4b28b7540253f458ef42a884cca7965c3/tags/a/acute-accent-in-manual-page.tag
3205 - tool_operate: reduce errorbuffer allocs
3207 - parallel transfers: only alloc and keep errorbuffers in memory for
3208 actual "live" transfers and not for the ones in the pending queue
3210 - serial transfers: reuse the same fixed buffer for all transfers, not
3215 Viktor Szakats (31 Aug 2022)
3216 - misc: spelling fixes
3218 Found using codespell 2.2.1.
3220 Also delete the redundant protocol designator from an archive.org URL.
3222 Reviewed-by: Daniel Stenberg
3225 Daniel Stenberg (31 Aug 2022)
3226 - tool_progress: remove 'Qd' from the parallel progress bar
3228 The "queued" value is no longer showing anything useful to the user. It
3229 is an internal number of transfers waiting at that moment.
3233 - tool_operate: prevent over-queuing in parallel mode
3235 When doing a huge amount of parallel transfers, we must not add them to
3236 the per_transfer list frivolously since they all use memory after all.
3237 This was previous done without really considering millions or billions
3238 of transfers. Massive parallelism would use a lot of memory for no good
3241 The queue is now limited to twice the paralleism number.
3243 This makes the 'Qd' value in the parallel progress meter mostly useless
3244 for users, but works for now for us as a debug display.
3246 Reported-by: justchen1369 on github
3250 Viktor Szakats (31 Aug 2022)
3251 - cmake: fix original MinGW builds
3253 1. Re-enable `HAVE_GETADDRINFO` detection on Windows
3255 Commit d08ee3c83d6bd416aef62ff844c98e47c4682429 (in 2013) added logic
3256 that automatically assumed `getaddrinfo()` to be present for builds
3257 with IPv6 enabled. As it turns out, certain toolchains (e.g. original
3258 MinGW) by default target older Windows versions, and thus do not
3259 support `getaddrinfo()` out of the box. The issue was masked for
3260 a while by CMake builds forcing a newer Windows version, but that
3261 logic got deleted in commit 8ba22ffb2030ed91312fc8634e29516cdf0a9761.
3262 Since then, some CI builds started failing due to IPv6 enabled,
3263 `HAVE_GETADDRINFO` set, but `getaddrinfo()` in fact missing.
3265 It also turns out that IPv6 works without `getaddrinfo()` since commit
3266 67a08dca27a6a07b36c7f97252e284ca957ff1a5 (from 2019, via #4662). So,
3267 to resolve all this, we can now revert the initial commit, thus
3268 restoring `getaddrinfo()` detection and support IPv6 regardless of its
3271 Reported-by: Daniel Stenberg
3273 2. Omit `bcrypt` with original MinGW
3275 Original (aka legacy/old) MinGW versions do not support `bcrypt`
3276 (introduced with Vista). We already have logic to handle that in
3277 `lib/rand.c` and autotools builds, where we do not call the
3278 unsupported API and do not link `bcrypt`, respectively, when using
3281 This patch ports that logic to CMake, fixing the link error:
3282 `c:/mingw/bin/../lib/gcc/mingw32/9.2.0/../../../../mingw32/bin/ld.exe: cannot find -lbcrypt`
3284 Ref: https://ci.appveyor.com/project/curlorg/curl/builds/44624888/job/40vle84cn4vle7s0#L508
3285 Regression since 76172511e7adcf720f4c77bd91f49278300ec97e
3292 Version 7.85.0 (31 Aug 2022)
3294 Daniel Stenberg (31 Aug 2022)
3295 - RELEASE-NOTES: synced
3299 - THANKS: add contributors from the 7.85.0 release
3301 - getparam: correctly clean args
3303 Follow-up to bf7e887b2442783ab52
3305 The previous fix for #9128 was incomplete and caused #9397.
3310 - zuul: remove the clang-tidy job
3312 Turns out we don't see the warnings, but the warnings right now are
3313 plain ridiculous and unhelpful so we can just as well just kill this
3318 - cmake: set feature PSL if present
3320 ... make test 1014 pass when libpsl is used.
3324 - lib530: simplify realloc failure exit path
3326 To make code analyzers happier
3330 - [Orgad Shaneh brought this change]
3332 tests: add tests for netrc login/password combinations
3334 Covers the following PRs:
3342 - [Orgad Shaneh brought this change]
3344 url: really use the user provided in the url when netrc entry exists
3346 If the user is specified as part of the URL, and the same user exists
3347 in .netrc, Authorization header was not sent at all.
3349 The user and password fields were assigned in conn->user and password
3350 but the user was not assigned to data->state.aptr, which is the field
3351 that is used in output_auth_headers and friends.
3353 Fix by assigning the user also to aptr.
3355 Amends commit d1237ac906ae7e3cd7a22c3a2d3a135a97edfbf5.
3359 - [Orgad Shaneh brought this change]
3361 netrc: Use the password from lines without login
3363 If netrc entry has password with empty login, use it for any username.
3367 machine example.com password 123456
3369 curl -vn http://user@example.com/
3371 Fix it by initializing state_our_login to TRUE, and reset it only when
3372 finding an entry with the same host and different login.
3376 - [Jay Satiro brought this change]
3378 url: treat missing usernames in netrc as empty
3380 - If, after parsing netrc, there is a password with no username then
3381 set a blank username.
3383 This used to be the case prior to 7d600ad (precedes 7.82). Note
3384 parseurlandfillconn already does the same thing for URLs.
3386 Reported-by: Raivis <standsed@users.noreply.github.com>
3387 Testing-by: Domen Kožar
3389 Fixes https://github.com/curl/curl/issues/8653
3393 - test8: verify that "ctrl-byte cookies" are ignored
3395 - cookie: reject cookies with "control bytes"
3397 Rejects 0x01 - 0x1f (except 0x09) plus 0x7f
3399 Reported-by: Axel Chong
3401 Bug: https://curl.se/docs/CVE-2022-35252.html
3407 - libssh: ignore deprecation warnings
3409 libssh 0.10.0 marks all SCP functions as "deprecated" which causes
3410 compiler warnings and errors in our CI jobs and elsewhere. Ignore
3411 deprecation warnings if 0.10.0 or later is found in the build.
3413 If they actually remove the functions at a later point, then someone can
3414 deal with that pain and functionality break then.
3419 - Revert "schannel: when importing PFX, disable key persistence"
3421 This reverts commit 70d010d285315e5f1cad6bdb4953e167b069b692.
3423 Due to further reports in #9300 that indicate this commit might
3426 - multi: use larger dns hash table for multi interface
3428 Have curl_multi_init() use a much larger DNS hash table than used for
3429 the easy interface to scale and perform better when used with _many_
3432 curl_share_init() sets an in-between size.
3434 Inspired-by: Ivan Tsybulin
3438 Marc Hoersken (28 Aug 2022)
3439 - CI/runtests.pl: add param for dedicated curl to talk to APIs
3441 This should make it possible to also report test failures
3442 if our freshly build curl binary is not fully functional.
3444 Reviewed-by: Daniel Stenberg
3447 Daniel Stenberg (27 Aug 2022)
3448 - [Jacob Tolar brought this change]
3450 openssl: add cert path in error message
3454 - [Jacob Tolar brought this change]
3456 cert.d: clarify that escape character works for file paths
3460 - gha: move over ngtcp2-gnutls CI job from zuul
3464 Marc Hoersken (26 Aug 2022)
3465 - cmake: add detection of threadsafe feature
3467 Avoids failing test 1014 by replicating configure checks
3468 for HAVE_ATOMIC and _WIN32_WINNT with custom CMake tests.
3470 Reviewed-by: Marcel Raad
3475 Daniel Stenberg (26 Aug 2022)
3476 - RELEASE-NOTES: synced
3478 Marc Hoersken (26 Aug 2022)
3479 - CI/azure: align torture shallowness with GHA
3481 There 25 is used with FTP tests skipped, and 20 for FTP tests.
3482 This should make torture tests stay within the 60min timeout.
3484 Reviewed-by: Daniel Stenberg
3487 - multi_wait: fix and improve Curl_poll error handling on Windows
3489 First check for errors and return CURLM_UNRECOVERABLE_POLL
3490 before moving forward and waiting on socket readiness events.
3492 Reviewed-by: Jay Satiro
3493 Reviewed-by: Marcel Raad
3495 Reported-by: Daniel Stenberg
3501 - multi_wait: fix skipping to populate revents for extra_fds
3503 On Windows revents was not populated for extra_fds if
3504 multi_wait had to wait due to the Curl_poll pre-check
3505 not signalling any readiness. This commit fixes that.
3507 Reviewed-by: Marcel Raad
3508 Reviewed-by: Jay Satiro
3512 - CI/appveyor: disable TLS in msys2-native autotools builds
3514 Schannel cannot be used from msys2-native Linux-emulated builds.
3516 Reviewed-by: Marcel Raad
3517 Reviewed-by: Daniel Stenberg
3522 Jay Satiro (25 Aug 2022)
3523 - tests: fix http2 tests to use CRLF headers
3525 Prior to this change some tests that rely on nghttpx proxy did not use
3526 CRLF headers everywhere. A recent change in nghttp2, which updated its
3527 version of llhttp (HTTP parser), requires curl's HTTP/1.1 test server to
3530 Ref: https://github.com/nghttp2/nghttp2/commit/9d389e8
3532 Fixes https://github.com/curl/curl/issues/9364
3533 Closes https://github.com/curl/curl/pull/9365
3535 Daniel Stenberg (25 Aug 2022)
3536 - [rcombs brought this change]
3538 multi: use a pipe instead of a socketpair on apple platforms
3540 Sockets may be shut down by the kernel when the app is moved to the
3541 background, but pipes are not.
3543 Removed from KNOWN_BUGS
3548 - [Somnath Kundu brought this change]
3550 libssh2: provide symlink name in SFTP dir listing
3552 When reading the symbolic link name for a file, we need to add the file
3553 name to base path name.
3557 - configure: if asked to use TLS, fail if no TLS lib was detected
3559 Previously the configure script would just warn about this fact and
3560 continue with TLS disabled build which is not always helpful. TLS should
3561 be explicitly disabled if that is what the user wants.
3565 - [Dustin Howett brought this change]
3567 schannel: when importing PFX, disable key persistence
3569 By default, the PFXImportCertStore API persists the key in the user's
3570 key store (as though the certificate was being imported for permanent,
3573 The documentation specifies that keys that are not to be persisted
3574 should be imported with the flag `PKCS12_NO_PERSIST_KEY`.
3575 NOTE: this flag is only supported on versions of Windows newer than XP
3581 - unit1303: four tests should have TRUE for 'connecting'
3583 To match the comments.
3585 Reported-by: Wu Zheng
3590 - CURLOPT_BUFFERSIZE.3: add upload buffersize to see also
3594 - [Fabian Fischer brought this change]
3596 HTTP3.md: add missing autoreconf command for building with wolfssl
3600 - RELEASE-NOTES: synced
3602 - multi: have curl_multi_remove_handle close CONNECT_ONLY transfer
3604 įŗhen it has been used in the multi interface, it is otherwise left in
3605 the connection cache, can't be reused and nothing will close them since
3606 the easy handle loses the association with the multi handle and thus the
3607 connection cache - until the multi handle is closed or it gets pruned
3608 because the cache is full.
3610 Reported-by: Dominik Thalhammer
3614 - docs/cmdline-opts: remove \& escapes from all .d files
3616 gen.pl escapes them itself now
3618 - docs/cmdline-opts/gen.pl: encode leading single and double quotes
3620 As "(aq" and "(dq" to prevent them from implying a meaning in the nroff
3621 output. This removes the need for using \& escapes in the .d files'
3626 Marc Hoersken (23 Aug 2022)
3627 - tests/server/sockfilt.c: avoid race condition without a mutex
3629 Avoid loosing any triggered handles by first aborting and joining
3630 the waiting threads before evaluating the individual signal state.
3632 This removes the race condition and therefore need for a mutex.
3636 Daniel Stenberg (22 Aug 2022)
3637 - [Emil Engler brought this change]
3639 url: output the maximum when rejecting a url
3641 This commit changes the failf message to output the maximum length, when
3642 curl refuses to process a URL because it is too long.
3647 - [Chris Paulson-Ellis brought this change]
3649 configure: fix broken m4 syntax in TLS options
3651 Commit b589696f added lines to some shell within AC_ARG_WITH macros, but
3652 inadvertently failed to move the final closing ).
3654 Quote the script section using braces.
3656 So, if these problems have been around for a while, how did I find them?
3657 Only because I did a configure including these options:
3659 $ ./configure --with-openssl --without-rustls
3660 SSL: enabled (OpenSSL)
3664 - tests/data/CMakeLists: remove making the 'show' makefile target
3666 It is not used by runtests since 3c0f462
3670 - tests/data/Makefile: remove 'filecheck' target
3672 No practical use anymore since 3c0f4622cdfd6
3676 - libssh2: make atime/mtime date overflow return error
3680 - libssh: make atime/mtime date overflow return error
3684 - examples/curlx.c: remove
3686 This example is a bit convoluted to use as an example, combined with the
3687 special license for it makes it unsuitable.
3691 - [Tobias Nygren brought this change]
3693 curl.h: include <sys/select.h> on SunOS
3695 It is needed for fd_set to be visible to downstream consumers that use
3696 <curl/multi.h>. Header is known to exist at least as far back as Solaris
3701 - DEPRECATE.md: push the NSS deprecation date forward one year to 2023
3703 URL: https://curl.se/mail/lib-2022-08/0016.html
3705 - libssh2: setting atime or mtime >32bit on 4-bytes-long systems
3707 Since the libssh2 API uses 'long' to store the timestamp, it cannot
3708 transfer >32bit times on Windows and 32bit architecture builds.
3710 Avoid nasty surprises by instead not setting such time.
3716 - libssh: setting atime or mtime > 32bit is now just skipped
3718 The libssh API used caps the time to an unsigned 32bit variable. Avoid
3719 nasty surprises by instead not setting such time.
3721 Spotted by Coverity.
3725 Jay Satiro (16 Aug 2022)
3726 - KNOWN_BUGS: Windows Unicode builds use homedir in current locale
3728 Bug: https://github.com/curl/curl/pull/7252
3729 Reported-by: dEajL3kA@users.noreply.github.com
3731 Ref: https://github.com/curl/curl/pull/7281
3733 Closes https://github.com/curl/curl/pull/9305
3735 Daniel Stenberg (16 Aug 2022)
3736 - test399: switch it to use a config file instead
3738 ... as using a 65535 bytes host name in a URL does not fit on the
3739 command line on some systems - like Windows.
3741 Reported-by: Marcel Raad
3745 - RELEASE-NOTES: synced
3747 - asyn-ares: make a single alloc out of hostname + async data
3749 This saves one alloc per name resolve and simplifies the exit path.
3753 - Curl_close: call Curl_resolver_cancel to avoid memory-leak
3755 There might be a pending (c-ares) resolve that isn't free'd up yet.
3759 - asyn-thread: fix socket leak on OOM
3763 - GHA: mv CI torture test from Zuul
3767 - ngtcp2-wolfssl.yml: add GHA to build ngtcp2 + wolfSSL
3771 - test399: verify check of too long host name
3773 - url: reject URLs with hostnames longer than 65535 bytes
3775 It *probably* causes other problems too since DNS can't resolve such
3776 long names, but the SNI field in TLS is limited to 16 bits length.
3780 - curl_multi_perform.3: minor language fix
3784 - ngtcp2: fix picky compiler warnings with wolfSSL for QUIC
3786 Follow-up to 8a13be227eede2
3790 - ngtcp2: remove leftover variable
3792 Mistake leftover from my edit before push.
3794 Follow-up from 8a13be227eede2601c2b3b
3795 Reported-by: Viktor Szakats
3796 Bug: https://github.com/curl/curl/pull/9290#issuecomment-1214569167
3798 Viktor Szakats (15 Aug 2022)
3799 - Makefile.m32: allow -nghttp3/-ngtcp2 without -ssl [ci skip]
3801 Before this patch `-nghttp3`/`-ngtcp2` had an effect only when `-ssl`
3802 was also enabled. `-ssl` meaning OpenSSL (and its forks). After
3803 8a13be227eede2601c2b3b1c63e08b3dc9b35dd5 nghttp3/ngtcp2 can also be
3804 used together with wolfSSL. This patch adds the ability to enable
3805 `-nghttp3`/`-ngtcp2` independently from `-ssl` (OpenSSL), allowing to
3806 use it with wolfSSL or other, future TLS backends.
3808 Before this patch, it was fine to enable `-nghttp3`/`-ngtcp2`
3809 unconditionally. After this patch, this is no longer the case, and now
3810 it's the user's responsibility to enable `-nghttp3`/`-ngtcp2` only
3811 together with a compatible TLS backend.
3813 When using a TLS backend other than OpenSSL, the TLS-specific ngtcp2
3814 library must be configured manually, e.g.:
3815 `export CURL_LDFLAG_EXTRAS=-lngtcp2_crypto_wolfssl`
3817 (or via `NGTCP2_LIBS`)
3821 Daniel Stenberg (15 Aug 2022)
3822 - [Stefan Eissing brought this change]
3824 quic: add support via wolfSSL
3826 - based on ngtcp2 PR https://github.com/ngtcp2/ngtcp2/pull/505
3827 - configure adapted to build against ngtcp2 wolfssl crypto lib
3828 - quic code added for creation of WOLFSSL* instances
3832 Marcel Raad (14 Aug 2022)
3833 - [David Carlier brought this change]
3835 memdebug: add annotation attributes
3837 memory debug tracking annotates whether the returned pointer does not
3838 `alias`, hints where the size required is, for Windows to be better
3839 debugged via Visual Studio.
3841 Closes https://github.com/curl/curl/pull/9306
3843 Daniel Stenberg (14 Aug 2022)
3844 - GHA: move libressl CI from zuul to GitHub
3848 - KNOWN_BUGS: FTPS directory listing hangs on Windows with Schannel
3852 - KNOWN_BUGS: CURLOPT_CERTINFO results in CURLE_OUT_OF_MEMORY with Schannel
3856 - KNOWN_BUGS: libssh blocking and infinite loop problem
3860 - RELEASE-NOTES: synced
3862 - msh3: fix the QUIC disconnect function
3864 And free request related memory better in 'done'. Fixes a memory-leak.
3866 Reported-by: Gisle Vanem
3870 - connect: close the happy eyeballs loser connection when using QUIC
3872 Reviewed-by: Nick Banks
3876 - [Emil Engler brought this change]
3878 refactor: split resolve_server() into functions
3880 This commit splits the branch-heavy resolve_server() function into
3881 various sub-functions, in order to reduce the amount of nested
3884 Beside this, it also removes many else-sequences, by returning in the
3885 previous if-statement.
3889 - schannel: re-indent to use curl style better
3891 Only white space changes
3895 - [Emanuele Torre brought this change]
3897 docs/cmdline-opts: fix example and categories for --form-escape
3899 The example was missing a "--form" argument
3900 I also replaced "--form" with "-F" to shorten the line a bit since it
3901 was already very long.
3903 And I also moved --form-escape from the "post" category to the "upload"
3904 category (this is what I originally wanted to fix, before also noticing
3905 the mistake in the example).
3909 - [Nick Banks brought this change]
3911 HTTP3.md: update to msh3 v0.4.0
3915 - hostip: resolve *.localhost to 127.0.0.1/::1
3917 Following the footsteps of other clients like Firefox/Chrome. RFC 6761
3918 says clients SHOULD do this.
3920 Add test 389 to verify.
3922 Reported-by: TheKnarf on github
3926 Jay Satiro (11 Aug 2022)
3927 - KNOWN_BUGS: long paths are not fully supported on Windows
3929 Bug: https://github.com/curl/curl/issues/8361
3930 Reported-by: Gisle Vanem
3932 Closes https://github.com/curl/curl/pull/9288
3934 Daniel Stenberg (11 Aug 2022)
3935 - config: remove the check for and use of SIZEOF_SHORT
3937 shorts are 2 bytes on all platforms curl runs and have ever run on.
3941 - configure: introduce CURL_SIZEOF
3943 This is a rewrite of the previously used GPLv3+exception licensed
3944 file. With this change, there is no more reference to GPL so we can
3945 remove that from LICENSES/.
3950 - [Sean McArthur brought this change]
3952 hyper: customize test1274 to how hyper unfolds headers
3956 - [Orgad Shaneh brought this change]
3958 curl-config: quote directories with potential space
3960 On Windows (at least with CMake), the default prefix is
3961 C:/Program Files (x86)/CURL.
3965 - [Oliver Roberts brought this change]
3967 amigaos: fix threaded resolver on AmigaOS 4.x
3969 Replace ip4 resolution function on AmigaOS 4.x, as it requires runtime
3970 feature detection and extra code to make it thread safe.
3974 - [Emil Engler brought this change]
3976 imap: use ISALNUM() for alphanumeric checks
3978 This commit replaces a self-made character check for alphanumeric
3979 characters within imap_is_bchar() with the ISALNUM() macro, as it is
3980 reduces the size of the code and makes the performance better, due to
3985 - RELEASE-NOTES: synced
3987 - [Cering on github brought this change]
3989 connect: add quic connection information
3994 - [Philip Heiduck brought this change]
3996 cirrus/freebsd-ci: bootstrap the pip installer
3998 Signed-off-by: Philip H <47042125+pheiduck@users.noreply.github.com>
4002 - urldata: move smaller fields down in connectdata struct
4004 By (almost) sorting the struct fields in connectdata in a decending size
4005 order, having the single char ones last, we reduce the number of holes
4006 in the struct and thus the amount of storage needed.
4010 - ldap: adapt to conn->port now being an 'int'
4012 Remove typecasts. Fix printf() formats.
4014 Follow-up from 764c6bd3bf.
4015 Pointed out by Coverity CID 1507858.
4019 - KNOWN_BUGS: Negotiate authentication against Hadoop HDFS
4023 - [Oliver Roberts brought this change]
4025 file: add handling of native AmigaOS paths
4027 On AmigaOS 4.x, handle native absolute paths, whilst blocking relative
4028 paths. Also allow unix style paths if feature enabled at link time.
4030 Inspiration-from: Michael Trebilcock
4034 - KNOWN_BUGS: cmake build is not thread-safe
4036 The cmake build does not check for and verify presence of a working
4037 Atomic type, which then makes curl_global_init() to not build
4038 thread-safe on non-Windows platforms.
4040 Closes https://github.com/curl/curl/issues/8973
4041 Closes https://github.com/curl/curl/pull/8982
4043 - [Oliver Roberts brought this change]
4045 configure: fixup bsdsocket detection code for AmigaOS 4.x
4047 The code that detects bsdsocket.library for AmigaOS did not work
4048 for AmigaOS 4.x. This has been fixed and also cleaned up a little
4049 to reduce duplication. Wasn't technically necessary before, but is
4050 required when building with AmiSSL instead of OpenSSL.
4054 - [Oliver Roberts brought this change]
4056 tool: reintroduce set file comment code for AmigaOS
4058 Amiga specific code which put the URL in the file comment was perhaps
4059 accidentally removed in b88940850002a3f1c25bc6488b95ad30eb80d696 having
4060 originally been added in 5c215bdbdfde8b2350cdcbac82aae0c914da5314.
4061 Reworked to fit the code changes and added it back in.
4063 Reported-by: Michael Trebilcock
4064 Originally-added-by: Chris Young
4068 - urldata: make 'negnpn' use less storage
4070 The connectdata struct field 'negnpn' never holds a value larger than
4071 30, so an unsigned char saves 3 bytes struct space.
4075 - urldata: make three *_proto struct fields smaller
4077 Use 'unsigned char' for storage instead of the enum, for three GSSAPI
4078 related fields in the connectdata struct.
4082 - connect: set socktype/protocol correctly
4084 So that an address used from the DNS cache that was previously used for
4085 QUIC can be reused for TCP and vice versa.
4087 To make this possible, set conn->transport to "unix" for unix domain
4088 connections ... and store the transport struct field in an unsigned char
4091 Reported-by: ć¦ćć
4095 - [Oliver Roberts brought this change]
4097 amissl: allow AmiSSL to be used with AmigaOS 4.x builds
4099 Enable AmiSSL to be used instead of static OpenSSL link libraries.
4100 for AmigaOS 4.x, as it already is in the AmigaOS 3.x build.
4104 - [opensignature on github brought this change]
4106 openssl: add details to "unable to set client certificate" error
4108 from: "curl: (58) unable to set client certificate"
4110 to: curl: (58) unable to set client certificate [error:0A00018F:SSL
4111 routines::ee key too small]
4115 - [Oliver Roberts brought this change]
4117 amissl: make AmiSSL v5 a minimum requirement
4119 AmiSSL v5 is the latest version, featuring a port of OpenSSL 3.0.
4120 Support for previous OpenSSL 1.1.x versions has been dropped, so
4121 makes sense to enforce v5 as the minimum requirement. This also
4122 allows all the AmiSSL stub workarounds to be removed as they are
4123 now provided in a link library in the AmiSSL SDK.
4127 - [Oliver Roberts brought this change]
4129 configure: -pthread not available on AmigaOS 4.x
4131 The most recent GCC builds for AmigaOS 4.x do not allow -pthread and
4132 exit with an error. Instead, need to explictly specify -lpthread.
4136 - digest: pass over leading spaces in qop values
4138 When parsing the "qop=" parameter of the digest authentication, and the
4139 value is provided within quotes, the list of values can have leading
4140 white space which the parser previously did not handle correctly.
4142 Add test case 388 to verify.
4144 Reported-by: vlubart on github
4148 - [Evgeny Grin (Karlson2k) brought this change]
4150 digest: reject broken header with session protocol but without qop
4154 - CURLINFO_SPEED_UPLOAD/DOWNLOAD.3: fix examples
4156 Reported-by: jvvprasad78 on github
4157 Assisted-by: Jay Satiro
4161 - [Fabian Keil brought this change]
4163 test44[2-4]: add '--resolve' to the keywords
4165 ... so the tests can be automatically skipped when
4166 using an external proxy like Privoxy.
4170 - RELEASE-NOTES: synced
4172 - CURLOPT_CONNECT_ONLY.3: clarify multi API use
4174 Reported-by: Maxim Ivanov
4178 - [Andrew Lambert brought this change]
4180 curl_easy_header: Add CURLH_PSEUDO to sanity check
4185 - [Emil Engler brought this change]
4187 docs: add dns category to --resolve
4189 This commit adds the dns category to the --resolve command line option,
4190 because it can be interpreted as both: a low-level connection option and
4191 an option related to the resolving of a hostname.
4193 It is also not common for dns options to belong to the connection
4194 category and vice versa. --ipv4 and --ipv6 are both good examples.
4198 Jay Satiro (2 Aug 2022)
4199 - [Wyatt O'Day brought this change]
4201 schannel: Add TLS 1.3 support
4203 - Support TLS 1.3 as the default max TLS version for Windows Server 2022
4206 - Support specifying TLS 1.3 ciphers via existing option
4207 CURLOPT_TLS13_CIPHERS (tool: --tls13-ciphers).
4209 Closes https://github.com/curl/curl/pull/8419
4211 Daniel Stenberg (2 Aug 2022)
4212 - [Emil Engler brought this change]
4214 cmdline-opts/gen.pl: improve performance
4216 On some systems, the gen.pl script takes nearly two minutes for the
4217 generation of the main-page, which is a completely unacceptable time.
4219 The slow performance has two causes:
4220 1. Use of a regex locale operator
4221 2. Useless invokations of loops
4223 The commit addresses the first issue by replacing the "\W" wiht
4224 [^a-zA-Z0-9_], which is, according to regex101.com, functionally
4225 equivalent to the previous operation, except that it is obviously
4226 limited to ASCII only, which is fine, as the curl project is
4227 English-only anyway.
4229 The second issue is being addressed by only running the loop if the line
4230 contains a "--" in it. The loop may be completeley removed in the
4233 Co-authored-by: Emanuele Torre <torreemanuele6@gmail.com>
4239 - docs/cmdline: mark fail and fail-with-body as mutually exclusive
4241 Reported-by: Andreas Sommer
4245 - [Nao Yonashiro brought this change]
4247 quiche: fix build failure
4249 Reviewed-by: Alessandro Ghedini
4252 Viktor Szakats (2 Aug 2022)
4253 - configure.ac: drop references to deleted functions
4255 follow-up from 4d73854462f30948acab12984b611e9e33ee41e6
4257 Reported-by: Oliver Roberts
4261 Daniel Stenberg (28 Jul 2022)
4262 - [Sean McArthur brought this change]
4264 hyper: enable obs-folded multiline headers
4268 - connect: revert the use of IP*_RECVERR
4270 The options were added in #6341 and d13179d, but cause problems: Lots of
4271 POLLIN event occurs but recvfrom read nothing.
4273 Reported-by: Tatsuhiro Tsujikawa
4277 - [Marco Kamner brought this change]
4279 docs: remove him/her/he/she from documentation
4283 - RELEASE-NOTES: synced
4285 - tool_getparam: make --doh-url "" switch it off
4287 A possible future addition could be to parse the URL first too to verify
4288 that it is valid before trying to use it.
4290 Assisted-by: Jay Satiro
4293 - mailmap: add rzrymiak on github
4295 Jay Satiro (26 Jul 2022)
4296 - ngtcp2: Fix build error due to change in nghttp3 prototypes
4298 ngtcp2/nghttp3@4a066b2 changed nghttp3_conn_block_stream and
4299 nghttp3_conn_shutdown_stream_write return from int to void.
4301 Reported-by: jurisuk@users.noreply.github.com
4303 Fixes https://github.com/curl/curl/issues/9204
4304 Closes https://github.com/curl/curl/pull/9200
4306 Daniel Stenberg (26 Jul 2022)
4307 - [rzrymiak on github brought this change]
4309 BUGS.md: improve language
4313 - [Philip Heiduck brought this change]
4315 cirrus.yml: replace py38-pip with py39-pip
4317 Reported-by: Jay Satiro
4321 - tool_getparam: fix cleanarg() for unicode builds
4323 Use the correct type, and make cleanarg an empty macro if the cleaning
4329 Reviewed-by: Jay Satiro
4330 Reviewed-by: Marcel Raad
4332 Marc Hoersken (25 Jul 2022)
4333 - test3026: add support for Windows using native Win32 threads
4335 Reviewed-by: Viktor Szakats
4336 Reviewed-by: Jay Satiro
4337 Reviewed-by: Daniel Stenberg
4339 Follow up to 7ade9c50b35d95d47a43880c3097bebab7a7e690
4342 Jay Satiro (25 Jul 2022)
4343 - [Evgeny Grin (Karlson2k) brought this change]
4345 digest: fix memory leak, fix not quoted 'opaque'
4347 Fix leak regression introduced by 3a6fe0c.
4349 Closes https://github.com/curl/curl/pull/9199
4351 Daniel Stenberg (23 Jul 2022)
4352 - tests: several enumerated type cleanups
4358 - tool_paramhlp: fix "enumerated type mixed with another type"
4364 - tool_writeout: fix enumerated type mixed with another type
4368 - tool_cfgable: make 'synthetic_error' a plain bool
4370 The specific reason was not used.
4374 - tool_paramhlp: make check_protocol return ParameterError
4376 "enumerated type mixed with another type"
4380 - tool_formparse: fix variable may be used before its value is set
4386 - sendf: skip storing HTTP headers if HTTP disabled
4390 - url: enumerated type mixed with another type
4392 Follow-up to 1c58e7ae99ce2030213f28b
4396 - urldata: change second proxytype field to unsigned char to match
4398 To avoid "enumerated type mixed with another type"
4402 - http: typecast the httpreq assignment to avoid icc compiler warning
4404 error #188: enumerated type mixed with another type
4408 - urldata: make state.httpreq an unsigned char
4410 To match set.method used for the same purpose.
4414 - splay: avoid using -1 in unsigned variable
4416 To fix icc compiler warning integer conversion resulted in a change of sign
4420 - sendf: store the header type in an usigned char to avoid icc warnings
4424 - multi: fix the return code from Curl_pgrsDone()
4426 It does not return a CURLcode. Detected by the icc compiler warning
4427 "enumerated type mixed with another type"
4431 - sendf: make Curl_debug a void function
4433 As virtually no called checked the return code, and those that did
4434 wrongly treated it as a CURLcode. Detected by the icc compiler warning:
4435 enumerated type mixed with another type
4439 - http_chunks: remove an assign + typecast
4441 As it caused icc to complain: "pointer cast involving 64-bit pointed-to
4446 - vtls: make Curl_ssl_backend() return the enum type curl_sslbackend
4448 To fix the icc warning enumerated type mixed with another type
4452 - curl-compilers.m4: make icc use -diag* options and disable two warnings
4454 -wd and -we are deprecated and are now -diag-disable and -diag-error
4456 Disable warning 1024 and 2259
4460 - [Matthew Thompson brought this change]
4462 GHA: add two Intel compiler CI jobs
4466 - [Daniel Katz brought this change]
4468 curl-functions.m4: check whether atomics can link rather than just compile
4470 Some build toolchains support C11 atomics (i.e., _Atomic types), but
4471 will not link the associated atomics runtime unless a flag is passed. In
4472 such an environment, linking an application with libcurl.a can fail due
4473 to undefined symbols for atomic load/store functions.
4475 I encountered this behavior when upgrading curl to 7.84.0 and attempting
4476 to build with Solaris Studio 12.6. Solaris provides the flag
4477 -xatomic=[gcc | studio], allowing users to link to one of two atomics
4478 runtime implementations. However, if the user does not provide this
4479 flag, then neither runtime is linked. This led to builds failing in CI.
4483 - [Rosen Penev brought this change]
4485 curl-wolfssl.m4: add options header when building test code
4487 Needed for certain configurations of wolfSSL. Otherwise, missing header
4490 Tested with OpenWrt.
4494 - ftp: use a correct expire ID for timer expiry
4496 This was an accurate error pointed out by the icc warning: enumerated
4497 type mixed with another type
4502 - sendf: fix paused header writes since after the header API
4504 Regression since d1e4a67
4506 Reported-by: Sergey Ogryzkov
4510 - mprintf: fix *dyn_vprintf() when out-of-memory
4512 Follow-up to 0e48ac1f99a. Torture-testing 1455 would lead to a memory
4517 - curl-confopts: remove leftover AC_REQUIREs
4519 configure.ac:3488: warning: CURL_CHECK_FUNC_IOCTL is m4_require'd but not m4_defun'd
4520 configure.ac:3488: warning: CURL_CHECK_FUNC_SETSOCKOPT is m4_require'd but not m4_defun'd
4522 follow-up from 4d73854462f30
4526 - file: fix icc enumerated type mixed with another type warning
4531 Viktor Szakats (19 Jul 2022)
4532 - tidy-up: delete unused build configuration macros
4534 Most of them feature guards:
4536 - `CURL_INCLUDES_SYS_UIO` [1]
4537 - `HAVE_ALLOCA_H` [2]
4538 - `HAVE_CRYPTO_CLEANUP_ALL_EX_DATA` (unused since de71e68000c8624ea13f90b136f8734dd0fb1bdc)
4543 - `HAVE_GETHOSTBYNAME` [3]
4546 - `HAVE_GETPROTOBYNAME`
4547 - `HAVE_GETSERVBYNAME`
4552 - `HAVE_KRB_GET_OUR_IP_FOR_REALM`
4555 - `HAVE_LDAP_INIT_FD`
4561 - `HAVE_LOCALTIME_R`
4565 - `HAVE_NETINET_IF_ETHER_H`
4566 - `HAVE_NI_WITHSCOPEID`
4567 - `HAVE_OPENSSL_CRYPTO_H`
4568 - `HAVE_OPENSSL_ERR_H`
4569 - `HAVE_OPENSSL_PEM_H`
4570 - `HAVE_OPENSSL_PKCS12_H`
4571 - `HAVE_OPENSSL_RAND_H`
4572 - `HAVE_OPENSSL_RSA_H`
4573 - `HAVE_OPENSSL_SSL_H`
4574 - `HAVE_OPENSSL_X509_H`
4577 - `HAVE_RAND_SCREEN`
4578 - `HAVE_RAND_STATUS`
4582 - `HAVE_SIZEOF_LONG_DOUBLE`
4592 - `HAVE_STRUCT_IN6_ADDR`
4594 - `HAVE_TLD_STRERROR`
4601 - `NEED_BASENAME_PROTO`
4605 - `SIZEOF_LONG_DOUBLE`
4606 - `STRERROR_R_TYPE_ARG3`
4608 - `_USRDLL` (from CMake) [4]
4610 [1] Related parts in `m4/curl-functions.m4` and `configure.ac` might
4613 [2] Related comment can possibly be deleted in
4614 `packages/vms/generate_config_vms_h_curl.com`.
4616 [3] There are more instances of this in autotools, but I did not dare to
4617 touch those. Looked like it's used to detect socket support.
4619 [4] This is necessary for MFC (Microsoft Foundation Class) DLLs to
4620 force linking MFC components statically to the DLL. `libcurl.dll`
4621 does not use MFC, so we can delete this define.
4622 Ref: https://docs.microsoft.com/cpp/build/regular-dlls-statically-linked-to-mfc
4624 Script that can help finding unused settings like above:
4627 autoheader configure.ac # generate lib/curl_config.h.in
4630 grep -o -E 'set\([A-Z][A-Z0-9_]{3,}' CMake/Platforms/WindowsCache.cmake | sed -E 's|set\(||g'
4631 grep -o -E -h '#define +[A-Z][A-Z0-9_]{3,}' lib/config-*.h | sed -E 's|#define +||g'
4632 grep -o -E '#cmakedefine +[A-Z][A-Z0-9_]{3,}' lib/curl_config.h.cmake | sed -E 's|#cmakedefine +||g'
4633 grep -o -E '#undef +[A-Z][A-Z0-9_]{3,}' lib/curl_config.h.in | sed -E 's|#undef +||g'
4634 } | sort -u | grep -v -F 'HEADER_CURL_' | while read -r def; do
4635 c="$(git grep -w -F "${def}" | grep -v -E -c '(/libcurl\.tmpl|^lib/config-|^lib/curl_config\.h\.cmake|^CMakeLists\.txt|^CMake/Platforms/WindowsCache\.cmake|^packages/vms/config_h\.com|^m4/curl-functions\.m4|^acinclude\.m4|^configure\.ac)')"
4636 if [ "${c}" = '0' ]; then
4642 Reviewed-by: Daniel Stenberg
4645 Daniel Stenberg (19 Jul 2022)
4646 - RELEASE-NOTES: synced
4648 - cookie: treat a blank domain in Set-Cookie: as non-existing
4650 This matches what RFC 6265 section 5.2.3 says.
4652 Extended test 31 to verify.
4655 Reported-by: Gwen Shapira
4658 - [Patrick Monnerat brought this change]
4660 base64: base64url encoding has no padding
4662 See RFC4648 section 5 and RFC7540 section 3.2.1.
4664 Suppress generation of '=' padding of base64url encoding. This is
4665 accomplished by considering the string beginning at offset 64 in the
4666 character table as the padding: this is "=" for base64, "" for base64url.
4668 Also use strchr() to replace character search loops where possible.
4670 Suppress erroneous comments about empty encoding results.
4672 Adjust unit test 1302 to unpadded base64url encoding and add tests for
4677 - easyoptions: fix icc warning
4679 easyoptions.c(360): error #188: enumerated type mixed with another type
4682 Reported-by: Matthew Thompson
4685 - [lwthiker brought this change]
4687 h2h3: fix overriding the 'TE: Trailers' header
4689 A 'TE: Trailers' header is explicitly replaced by 'te: trailers'
4690 (lowercase) in Curl_pseudo_headers() when building the list of HTTP/2 or
4691 HTTP/3 headers. However, this is then replaced again by the original
4692 value due to a bug, resulting in the uppercased version being sent. Some
4693 HTTP/2 servers reject the whole HTTP/2 stream when this is the case.
4697 - lib3026: reduce the number of threads to 100
4699 Down from 1000, to make it run and work in more systems.
4702 Reported-by: Ćrico Nogueira Rolim
4705 - doh: move doh related struct definitions to doh.h
4707 and make 'dnstype' in 'struct dnsprobe' use the DNStype to fix the icc compiler warning:
4709 doh.c(924): error #188: enumerated type mixed with another type
4711 Reported-by: Matthew Thompson
4715 Viktor Szakats (17 Jul 2022)
4716 - Makefile.m32: stop trying to build libcares.a [ci skip]
4718 Before this patch, `lib/Makefile.m32` had a rule to build `libcares.a` in
4719 `-cares`-enabled builds, via c-ares's own `Makefile.m32`. Committed in
4720 2007 [1]. The commit message doesn't specifically address this particular
4721 change. This logic comes from the times when c-ares was part of the curl
4722 source tree, hence the special treatment.
4724 This feature creates problems when building c-ares first, using CMake
4725 and pointing `LIBCARES_PATH` to its install prefix, where `Makefile.m32`
4726 is missing in such case. A sub-build for c-ares is undesired also when
4727 c-ares had already been build via its own `Makefile.m32`.
4729 To avoid the sub-build, this patch deletes its Makefile rule. After this
4730 patch `libcares.a` needs to be manually built before using it in
4731 `Makefile.m32`. Aligning it with the rest of dependencies.
4733 [1] 46c92c0b806da041d7a5c6fb64dbcdc474d99b31
4735 Reviewed-by: Daniel Stenberg
4738 Daniel Stenberg (17 Jul 2022)
4739 - curl: writeout: fix repeated header outputs
4741 The function stored a terminating zero into the buffer for convenience,
4742 but when on repeated calls that would cause problems. Starting now, the
4743 passed in buffer is not modified.
4745 Reported-by: highmtworks on github
4749 - curl_multi_timeout.3: clarify usage
4753 Reported-by: jvvprasad78 on github
4755 - mprintf: make dprintf_formatf never return negative
4757 This function no longer returns a negative value if the formatting
4758 string is bad since the return value would sometimes be propagated as a
4759 return code from the mprintf* functions and they are documented to
4760 return the length of the output. Which cannot be negative.
4764 Reported-by: yiyuaner on github
4766 Viktor Szakats (17 Jul 2022)
4767 - trace: 0x7F character is non-printable
4769 `0x7F` is `DEL`, a non-printable symbol, so print it as
4772 Reported-by: MasterInQuestion on github
4776 - doh: use https protocol by default
4778 The only allowed protocol is https, so it makes sense to use that
4779 by default if not passed explicitly by the user.
4781 Reported-by: MasterInQuestion on github
4782 Reviewed-by: Jay Satiro
4786 - openssl: fix BoringSSL symbol conflicts with LDAP and Schannel
4788 Same issue as here [1], but this time when building curl with BoringSSL
4789 for Windows with LDAP(S) or Schannel support enabled.
4791 Apply the same fix [2] for these source files as well.
4793 This can also be fixed by moving `#include "urldata.h"` _before_
4794 including `winldap.h` and `schnlsp.h` respectively. This seems like
4795 a cleaner fix, though I'm not sure why it works and if it has any
4798 [1] https://github.com/curl/curl/issues/5669
4799 [2] https://github.com/curl/curl/commit/fbe07c6829ba8c5793c84c2856526e19e9029ab9
4801 Co-authored-by: Jay Satiro
4804 Daniel Stenberg (13 Jul 2022)
4805 - asyn-thread: make getaddrinfo_complete return CURLcode
4807 ... as the only caller that cares about what it returns assumes that
4808 anyway. This caused icc to warn:
4810 asyn-thread.c(505): error #188: enumerated type mixed with another type
4811 result = getaddrinfo_complete(data);
4813 Repoorted-by: Matthew Thompson
4814 Bug: https://github.com/curl/curl/issues/9081#issuecomment-1182143076
4817 - easy_lock: fix build with icc
4819 The Intel compiler tries to look like GCC *and* clang *and* it lies in
4820 its __has_builtin() function (returns true when it should return false),
4823 Reported-by: Matthew Thompson
4827 - configure: fix --disable-headers-api
4829 Reported-by: MichaÅ Antoniak
4833 - test3026: require 'threadsafe'
4835 Reported-by: Sukanya Hanumanthu
4839 - [Even Rouault brought this change]
4841 CMake: link curl to its dependencies with PRIVATE
4843 The current PUBLIC visibility causes issues for downstream users.
4844 Cf https://github.com/OSGeo/PROJ/pull/3172#issuecomment-1157942986
4846 Reviewed-by: Jakub Zakrzewski
4849 - [Even Rouault brought this change]
4851 CMake: remove APPEND in export(TARGETS)
4853 When running cmake several times, new content was appended to already
4854 existing generated files, which is not appropriate
4856 Reviewed-by: Jakub Zakrzewski
4859 - [Tatsuhiro Tsujikawa brought this change]
4861 ngtcp2: implement cb_h3_stop_sending and cb_h3_reset_stream callbacks
4865 - RELEASE-NOTES: synced
4867 Viktor Szakats (11 Jul 2022)
4868 - build: improve OS string in CMake and `config-win32.h`
4870 This patch makes CMake fill the "OS string" with the value of
4871 `CMAKE_C_COMPILER_TARGET`, if passed. This typically contains a triplet,
4872 the same we can pass to `./configure` via `--host=`.
4874 For non-CMake, non-autotools, Windows builds, this patch adds the ability
4875 to override the default `OS` value in `lib/config-win32.h`.
4877 With these its possible to get the same OS string across the three build
4880 This patch supersedes the earlier, partial, CMake-only solution:
4881 435f395f3f8c11eebfcc243ca55ebcc11a19b8b8, thus retiring the
4882 `CURL_OS_SUFFIX` CMake option.
4884 Reviewed-by: Jay Satiro
4887 - Makefile.m32: add `CURL_RC` and `CURL_STRIP` variables [ci skip]
4889 They allow to override the hardcoded values for the `windres` and `strip`
4890 tools, complementing the existing set of `CURL_{CC,AR,RANLIB}` variables.
4892 `CURL_RC` comes handy when using LLVM tools with `CROSSPREFIX=llvm-` and
4893 `CURL_CC=clang` set on current latest debian:unstable or earlier, where
4894 `llvm-windres` is missing, and a `CURL_RC=<triplet>-windres` fixes it.
4895 Hopefully this will be fixed in the llvm package. FWIW `llvm-windres`
4896 does exist in Homebrew llvm, MSYS2 llvm and llvm-mingw.
4898 Reviewed-by: Daniel Stenberg
4901 Daniel Stenberg (10 Jul 2022)
4902 - [Tatsuhiro Tsujikawa brought this change]
4904 ngtcp2: fix stall or busy loop on STOP_SENDING with upload data
4909 - [Xiaoke Wang brought this change]
4911 tool_operate: better cleanup of easy handle in exit path
4915 - [Xiaoke Wang brought this change]
4917 getinfo: return better error on NULL as first argument
4921 - tool_getparam: repair cleanarg
4923 Regression since 9e5669f.
4925 Make sure the "cleaning" of command line arguments is done on the
4926 original argv[] pointers. As a bonus, it also exits better on out of
4929 Reported-by: Litter White
4933 Jay Satiro (10 Jul 2022)
4934 - docs: explain curl_easy_escape/unescape curl handle is ignored
4936 26101421 (precedes 7.82.0) removed character conversion support used by
4937 very old legacy operating systems and since then the curl handle passed
4938 to curl_easy_escape/unescape is always ignored.
4940 Bug: https://github.com/curl/curl/discussions/9115
4941 Reported-by: Ted Lyngmo
4943 Closes https://github.com/curl/curl/pull/9121
4945 Viktor Szakats (8 Jul 2022)
4946 - openssl: add `CURL_BORINGSSL_VERSION` to identify BoringSSL
4948 BoringSSL doesn't keep a version number, and doesn't self-identify itself
4949 via any other revision number via its own headers. We can identify
4950 BoringSSL revisions by their commit hash. This hash is typically known by
4951 the builder. This patch adds a way to pass this hash to libcurl, so that
4952 it can display in the curl version string:
4956 `CFLAGS=-DCURL_BORINGSSL_VERSION="c239ffd0"`
4959 curl 7.84.0 (x86_64-w64-mingw32) libcurl/7.84.0 BoringSSL/c239ffd0 (Schannel) zlib/1.2.12 [...]
4960 Release-Date: 2022-06-27
4961 Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 [...]
4962 Features: alt-svc AsynchDNS brotli gsasl HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Kerberos [...]
4965 The setting is optional, and if not passed, BoringSSL will appear without
4966 a version number, like before this patch.
4970 Jay Satiro (8 Jul 2022)
4971 - escape: remove outdated comment
4973 Bug: https://github.com/curl/curl/discussions/9115
4974 Reported-by: Ted Lyngmo
4976 - [Tatsuhiro Tsujikawa brought this change]
4978 ngtcp2: Fix missing initialization of nghttp3_nv.flags
4980 Closes https://github.com/curl/curl/pull/9118
4982 Daniel Stenberg (6 Jul 2022)
4983 - [Brad Forschinger brought this change]
4985 netrc.d: remove spurious quote
4989 Viktor Szakats (6 Jul 2022)
4990 - Makefile.m32: add `NGTCP2_LIBS` option [ci skip]
4992 Makefile.m32's ngtcp2 has its two libs hardwired for OpenSSL.
4993 Add `NGTCP2_LIBS` envvar to override them with a custom list,
4994 making it possible to use BoringSSL, or any other backend.
4998 Jay Satiro (6 Jul 2022)
4999 - [Evgeny Grin (Karlson2k) brought this change]
5001 digest: fix missing increment of 'nc' value for auth-int
5003 - Increment nc regardless of qop type.
5005 Prior to this change nc was only incremented for qop type auth even
5006 though libcurl sends nc with any qop.
5008 Closes https://github.com/curl/curl/pull/9090
5010 Daniel Stenberg (5 Jul 2022)
5011 - RELEASE-NOTES: synced
5015 - urldata: reduce size of four ftp related members
5017 ftp_filemethod, ftpsslauth and ftp_ccc are now uchars
5019 accepttimeout is now unsigned int - almost 50 days ought to be enough
5024 - urldata: reduce three type-members from int to uchar
5030 ... previously used their enum type in the struct, which made them
5035 - CURLOPT_SERVER_RESPONSE_TIMEOUT: the new name
5037 Starting now, CURLOPT_FTP_RESPONSE_TIMEOUT is the alias instead of the
5040 Since 7.20.0, CURLOPT_SERVER_RESPONSE_TIMEOUT has existed as an alias
5041 but since the option is for more protocols than FTP the more "correct"
5042 version of the option is the "server" one so now we switch.
5046 - urldata: make 'ftp_create_missing_dirs' a uchar
5048 It only ever holds the values 0-2.
5052 - [Don J Olmstead brought this change]
5054 cmake: support ngtcp2 boringssl backend
5056 Update the ngtcp2 find module to detect the boringssl backend. Determine
5057 if the underlying OpenSSL implementation is BoringSSL and if so use that
5058 as the ngtcp2 backend.
5060 Reviewed-by: Jakub Zakrzewski
5063 - urldata: change 4 timeouts to unsigned int from long
5065 They're not used for that long times anyway, 32 bit milliseconds is long
5070 - urldata: make 'use_netrc' a uchar
5074 - urldata: make 'buffer_size' an unsigned int
5076 It is already capped at READBUFFER_MAX which fits easily in 32 bits.
5080 - urldata: remove the unused 'rtspversion' struct member
5084 - urldata: make 'use_port' an usigned short
5086 ... instead of a long. It is already enforced to not attempt to set any
5087 value outside of 16 bits unsigned.
5091 - urldata: store dns cache timeout in an int
5093 68 years ought to be enough for most.
5097 - curl: proto2num: make sure obuf is inited
5099 Detected by Coverity. CID 1507052.
5103 - cookie: use %zu to infof() for size_t values
5105 Detected by Coverity. CID 1507051
5108 Viktor Szakats (4 Jul 2022)
5109 - makefile.m32: add support for custom ARCH [ci skip]
5111 When building curl for target platform other than x64 and x86, it is now
5112 possible to pass `ARCH=custom`, that will omit all hardcoded logic for
5113 setting up CFLAGS/LDFLAGS/RCFLAGS for these platforms, and let these be
5114 customized via `CURL_CFLAG_EXTRAS`, `CURL_LDFLAG_EXTRAS`, and a newly
5115 added one for the resource compiler: `CURL_RCFLAG_EXTRAS`.
5117 This makes it possible to use `makefile.m32` to build for ARM64 for
5120 Reviewed-by: Daniel Stenberg
5123 - cmake: do not force Windows target versions
5125 The goal of this patch is to avoid CMake forcing specific Windows
5126 versions and rely on toolchain defaults or manual selection instead.
5127 This gives back control to the user. This also brings CMake closer to
5128 how autotools and `Makefile.m32` behaves in this regard.
5130 - CMake had a setting `ENABLE_INET_PTON` defaulting to `ON`, which did
5131 nothing else than fixing the Windows build target to Vista. This also
5132 happened when the toolchain did not have Vista support (e.g. original
5133 MinGW), breaking such builds.
5135 In other environments it did not make a user-facing difference,
5136 because libcurl has its own pton() implementation, so it works well
5137 with or without Vista's inet_pton().
5139 This patch drops this setting. inet_pton() is now used whenever
5140 building for Vista or newer, either when requested manually or by
5141 default with modern toolchains (e.g. mingw-w64). Older envs will fall
5142 back to curl's pton().
5144 Ref: https://github.com/curl/curl/pull/9027#issuecomment-1164157604
5145 Ref: https://github.com/curl/curl/pull/8997#issuecomment-1164344155
5147 - When the user did no select a Windows target version manually, stop
5148 explicitly targeting Windows XP, and instead use the toolchain default.
5150 This may pose an issue with old toolchains defaulting to pre-XP
5151 targets. In such case you must manually target Windows XP via:
5152 `-DCURL_TARGET_WINDOWS_VERSION=0x0501`
5154 `-DCMAKE_C_FLAGS=-D_WIN32_WINNT=0x0501`
5156 Reviewed-by: Jay Satiro
5157 Reviewed-by: Marcel Raad
5160 - windows: improve random source
5162 - Use the Windows API to seed the fallback random generator.
5164 This ensures to always have a random seed, even when libcurl is built
5165 with a vtls backend lacking a random generator API, such as rustls
5166 (experimental), GSKit and certain mbedTLS builds, or, when libcurl is
5167 built without a TLS backend. We reuse the Windows-specific random
5168 function from the Schannel backend.
5170 - Implement support for `BCryptGenRandom()` [1] on Windows, as a
5171 replacement for the deprecated `CryptGenRandom()` [2] function.
5173 It is used as the secure random generator for Schannel, and also to
5174 provide entropy for libcurl's fallback random generator. The new
5175 function is supported on Vista and newer via its `bcrypt.dll`. It is
5176 used automatically when building for supported versions. It also works
5177 in UWP apps (the old function did not).
5179 - Clear entropy buffer before calling the Windows random generator.
5181 This avoids using arbitrary application memory as entropy (with
5182 `CryptGenRandom()`) and makes sure to return in a predictable state
5183 when an API call fails.
5185 [1] https://docs.microsoft.com/windows/win32/api/bcrypt/nf-bcrypt-bcryptgenrandom
5186 [2] https://docs.microsoft.com/windows/win32/api/wincrypt/nf-wincrypt-cryptgenrandom
5190 Daniel Stenberg (4 Jul 2022)
5191 - setopt: add CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR
5193 ... as replacements for deprecated CURLOPT_PROTOCOLS and
5194 CURLOPT_REDIR_PROTOCOLS as these new ones do not risk running into the
5195 32 bit limit the old ones are facing.
5197 CURLINFO_PROTCOOL is now deprecated.
5199 The curl tool is updated to use the new options.
5201 Added test 1597 to verify the libcurl protocol parser.
5205 - digest: simplify a switch() to a simple if
5207 - digest: provide a special bit for "sess" algos
5209 Also shortened the names and moved them to the .c file since they are
5210 private for this source file only. Also made them #defines instead of
5215 Jay Satiro (4 Jul 2022)
5216 - [Thomas WeiĆschuh brought this change]
5218 select: do not return fatal error on EINTR from poll()
5220 The same was done for select() in 5912da25 but poll() was missed.
5222 Bug: https://bugs.archlinux.org/task/75201
5223 Reported-by: Alexandre Bury (gyscos at archlinux)
5225 Ref: https://github.com/curl/curl/issues/8921
5226 Ref: https://github.com/curl/curl/pull/8961
5227 Ref: https://github.com/curl/curl/commit/5912da25#r77584294
5229 Closes https://github.com/curl/curl/pull/9091
5231 - [Kai Pastor brought this change]
5233 cmake: fix build for mingw cross compile
5235 - Change normaliz lib name to all lowercase.
5237 This is from a standing patch in vcpkg:
5238 Mingw has libnormaliz.a. For case-sensitive file systems (e.g. cross
5239 builds from Linux), the spelling must match exactly.
5241 Closes https://github.com/curl/curl/pull/9084
5243 - easy_lock: fix build for mingw
5245 - Define SRWLOCK symbols missing in some mingw environments.
5247 Closes https://github.com/curl/curl/pull/8997
5249 Daniel Stenberg (2 Jul 2022)
5250 - tool_progress: avoid division by zero in parallel progress meter
5252 Reported-by: Brian Carpenter
5256 - http_aws_sigv4.c: remove two unusued includes
5260 - .mailmap: additional edit
5262 Follow-up to 861e2a8aca6c7 so that Evgeny appears with the same in git
5263 logs even when using old email.
5265 - RELEASE-NOTES: synced
5269 - [Evgeny Grin (Karlson2k) brought this change]
5273 - [Evgeny Grin (Karlson2k) brought this change]
5275 THANKS: merged two entries for Evgeny Grin
5277 Also updated THANKS-filter file
5281 - [Jilayne Lovejoy brought this change]
5283 lib/curl_path.c: add ISC to license expression
5285 THe text of the ISC license is in this file, so the SPDX license
5286 expression should be updated
5290 - [Sean McArthur brought this change]
5292 hyper: use wakers for curl pause/resume
5296 Viktor Szakats (30 Jun 2022)
5297 - Makefile.m32: do not set the libcurl.rc debug flag [ci skip]
5299 Delete `-DDEBUGBUILD=0` windres option. This was likely meant to
5300 disable VS_FF_DEBUG in FILEFLAGS, but any assigned value enabled
5301 it instead. Delete this unnecessary option and thus sync up with
5302 how CMake compiles libcurl.rc by default.
5304 Reviewed-by: Jay Satiro
5307 Daniel Stenberg (29 Jun 2022)
5308 - curl.h: CURLE_CONV_FAILED is obsoleted
5310 The last use was removed in 7.82.0. Updated some docs too to reflect the
5311 current error code situation.
5315 - curl: output warning when a cookie is dropped due to size
5317 Dropped from the request, that is.
5321 - curl_mime_data.3: polish the wording
5325 - configure: check for the stdatomic.h header in configure
5327 ... and only set HAVE_ATOMIC if that header exists since we use
5328 typedefes set in it.
5330 Reported-by: Ryan Schmidt
5334 - easy_lock: fix the #ifdef conditional for ia32_pause
5336 To work better with new and old clang compilers.
5338 Reported-by: Ryan Schmidt
5339 Assisted-by: Joshua Root
5344 - easy_lock: switch to using atomic_int instead of bool
5346 To work with more compilers without requiring separate libs to
5347 link. Like with gcc-12 for RISC-V on Linux.
5349 Reported-by: Adam Sampson
5353 - [vvb2060 brought this change]
5355 ngtcp2: fix incompatible function pointer types
5359 - [vvb2060 brought this change]
5361 easy_lock.h: use __asm__ instead of asm to fix build
5365 - [Samuel Henrique brought this change]
5367 libcurl-security.3: fix typo on macro "SH_"
5369 During the packaging of the latest curl release for Debian, Lintian
5370 warned me about a typo which causes the section name "Secrets in memory"
5371 to not be rendered in the manpage due to "SH_" not being recognized as a
5376 - easy_lock.h: include sched.h if available to fix build
5378 Patched-by: Harry Sintonen
5382 Version 7.84.0 (27 Jun 2022)
5384 Daniel Stenberg (27 Jun 2022)
5385 - RELEASE-NOTES: synced
5387 Version 7.84.0 release
5389 - THANKS: contributors from 7.84.0 release notes
5391 - hsts: use Curl_fopen()
5393 - altsvc: use Curl_fopen()
5395 - fopen: add Curl_fopen() for better overwriting of files
5397 Bug: https://curl.se/docs/CVE-2022-32207.html
5399 Reported-by: Harry Sintonen
5402 - test444: test many received Set-Cookie:
5404 The amount of sent cookies in the test is limited to 80 because hyper
5405 has its own strict limits in how many headers it allows to be received
5406 which triggers at some point beyond this number.
5408 - test442/443: test cookie caps
5410 442 - verify that only 150 cookies are sent
5411 443 - verify that the cookie: header remains less than 8K in size
5413 - cookie: apply limits
5415 - Send no more than 150 cookies per request
5416 - Cap the max length used for a cookie: header to 8K
5417 - Cap the max number of received Set-Cookie: headers to 50
5419 Bug: https://curl.se/docs/CVE-2022-32205.html
5421 Reported-by: Harry Sintonen
5424 - test387: verify rejection of compression chain attack
5426 - content_encoding: return error on too many compression steps
5428 The max allowed steps is arbitrarily set to 5.
5430 Bug: https://curl.se/docs/CVE-2022-32206.html
5432 Reported-by: Harry Sintonen
5435 - krb5: return error properly on decode errors
5437 Bug: https://curl.se/docs/CVE-2022-32208.html
5439 Reported-by: Harry Sintonen
5442 - easy_lock.h: remove use of the deprecated ATOMIC_VAR_INIT macro
5444 clang 14 warns about its use. It is being deprecated by the working
5445 group for the programming language C: "The macro ATOMIC_VAR_INIT is
5446 basically useless for the purpose for which it was designed"
5448 Ref: https://www.open-std.org/jtc1/sc22/wg14/www/docs/n2886.htm
5450 Reported-by: Tatsuhiro Tsujikawa
5454 - [Stefan Eissing brought this change]
5456 ngtcp2: avoid supplying 0 length `msg_control` to sendmsg()
5458 Testing on macOS 12.4, sendmsg() fails with EINVAL when a msg_control
5459 buffer is provided in sengmsg(), even though msg_controllen was set to
5462 Initialize msg.msg_controllen just as needed and also perform the size
5463 assertion only when needed.
5467 - [Tom Eccles brought this change]
5469 ftp: restore protocol state after http proxy CONNECT
5471 connect_init() (lib/http_proxy.c) swaps out the protocol state while
5472 working on the proxy connection, this is then restored by
5473 Curl_connect_done() after the connection completes.
5475 ftp_do_more() extracted the protocol state pointer to a local variable
5476 at the start of the function then calls Curl_proxy_connect(). If the proxy
5477 connection completes, Curl_proxy_connect() will call Curl_connect_done()
5478 (via Curl_proxyCONNECT()), which restores data->req.p to point to the ftp
5479 protocol state instead of the http proxy protocol state, but the local
5480 variable in ftp_do_more still pointed to the old value.
5482 Ultimately this meant that the state worked on by ftp_do_more() was the
5483 http proxy state not the ftp state initialised by ftp_connect(), but
5484 subsequent calls to any ftp_ function would use the original state.
5486 For my use-case, the visible consequence was that ftp->downloadsize was
5487 never set and so downloaded data was never returned to the application.
5489 This commit updates the ftp protocol state pointer in ftp_do_more() after
5490 Curl_proxy_connect() returns, ensuring that the correct state pointer is
5496 Jay Satiro (23 Jun 2022)
5497 - THANKS: add contributor missing from aea8ac1
5499 aea8ac1 fixed #8980 which was reported by Sgharat on github, but that
5500 info was not included in the commit message.
5502 - curl_setup: include _mingw.h
5504 Prior to this change _mingw.h needed to be included in each unit before
5505 evaluating __MINGW{32,64}_xxx_VERSION macros since it defines them. It
5506 is included only in some mingw headers (eg stdio.h) and not others
5507 (eg windows.h) so it's better to explicitly include it once.
5509 Closes https://github.com/curl/curl/pull/9036
5511 Viktor Szakats (22 Jun 2022)
5512 - rand: stop detecting /dev/urandom in cross-builds
5514 - Prevent CMake to auto-detect /dev/urandom when cross-building.
5515 Before this patch, it would detect it in a cross-build scenario on *nix
5516 hosts with this device present. This was a problem for example with
5517 Windows builds, but it could affect any target system with this device
5518 missing. This also syncs detection behaviour with autotools, which also
5519 skips it for cross-builds.
5520 - Also, make sure to never use the file RANDOM_FILE as entropy for libcurl's
5521 fallback random number generator on Windows. Windows does not have the
5522 concept of reading a random stream from a filename, nor any guaranteed
5523 non-world-writable path on disk. With this, a manual misconfiguration or
5524 an overeager auto-detection can no longer result in a user-controllable
5527 Reviewed-by: Daniel Stenberg
5530 Daniel Stenberg (22 Jun 2022)
5531 - [Emanuele Torre brought this change]
5533 ci: avoid `cmake -Hpath`
5535 This is an undocumented option similar to the `-Spath' option introduced
5537 Replace all instances of `-Hpath' with `-Spath' in macos workflow.
5538 Replace `-H. -Bpath' with `mkdir path; cd ./path; cmake ..' in zuul
5539 scripts since it runs an older version of cmake.
5544 - INTERNALS: bring back the "Library symbols" section
5546 Most contents was moved, but this text should remain here.
5548 Follow-up to: d324ac8
5549 Reported-by: Viktor Szakats
5550 Bug: https://github.com/curl/curl/pull/9027#discussion_r903382326
5553 Viktor Szakats (22 Jun 2022)
5554 - Makefile.m32: stop forcing XP target with ipv6 enabled [ci skip]
5556 Since this [1] commit in 2011, `_WIN32_WINNT` was set fixed to Windows
5557 XP when the `-ipv6` option is selected. Maybe this was added to support
5558 pre-XP Windows versions (?). These days libcurl builds fine for both XP
5559 and post-XP versions with IPv6 support enabled. The relevance of pre-XP
5560 version is also low by now. Other build methods also do not impose such
5561 limitation for a similar configuration. So, drop this hard-wired
5562 `_WIN32_WINNT` limit from `Makefile.m32`, thus building for the default
5563 Windows version set by the compiler. This is Vista for recent MinGW
5566 Old behaviour can be restored by setting this envvar:
5567 export CURL_CFLAG_EXTRAS=-D_WIN32_WINNT=0x0501
5569 [1] 98a61d8e2e8982786aaf3916cbbcac96838316e7
5573 Daniel Stenberg (21 Jun 2022)
5574 - CONTRIBUTE: mention how we maintain REUSE compliance
5576 for copyright and license information of all files stored in git
5580 - CURLOPT_ALTSVC.3: document the file format
5584 Jay Satiro (21 Jun 2022)
5585 - runtests: add "threadsafe" to detected features
5587 Follow-up to recent commits which added thread-safety support.
5589 Bug: https://github.com/curl/curl/pull/9012#discussion_r902018782
5590 Reported-by: Marc Hƶrsken
5592 Closes https://github.com/curl/curl/pull/9030
5594 Daniel Stenberg (20 Jun 2022)
5595 - easy: remove dead code
5597 Follow-up from 5912da253b64d
5599 Detected by Coverity (CID 1506519)
5603 - [Glenn Strauss brought this change]
5605 transfer: upload performance; avoid tiny send
5607 Append to the upload buffer when only small amount remains in buffer
5608 rather than performing a separate tiny send to empty buffer.
5610 Avoid degenerative upload behavior which might cause curl to send mostly
5611 1-byte DATA frames after exhausing the h2 send window size
5613 Related discussion: https://github.com/nghttp2/nghttp2/issues/1722
5615 Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
5618 - [Steve Holme brought this change]
5620 projects: fix third-party SSL library build paths for Visual Studio
5622 The paths used by the build batch files were inconsistent with those in
5623 the Visual Studio project files.
5627 - [Pierrick Charron brought this change]
5629 urlapi: make curl_url_set(url, CURLUPART_URL, NULL, 0) clear all parts
5631 As per the documentation :
5633 > Setting a part to a NULL pointer will effectively remove that
5634 > part's contents from the CURLU handle.
5636 But currently clearing CURLUPART_URL does nothing and returns
5637 CURLUE_OK. This change will clear all parts of the URL at once.
5641 - [Philip Heiduck brought this change]
5643 CI: bump FreeBSD 13.0 to 13.1
5645 Signed-off-by: Philip H <47042125+pheiduck@users.noreply.github.com>
5648 - RELEASE-NOTES: synced
5650 and updated release date in RELEASE-PROCEDURE.md
5652 - [divinity76 brought this change]
5654 CURLOPT_HTTPHEADER.3: improve comment in example
5658 Marc Hoersken (16 Jun 2022)
5659 - CI/azure: reduce flakiness by retrying install/prepare steps
5663 - CI/cirrus: align Windows timeout with Azure CI at 120 minutes
5667 Jay Satiro (16 Jun 2022)
5668 - vtls: make curl_global_sslset thread-safe
5670 .. and update some docs to explain curl_global_* is now thread-safe.
5672 Follow-up to 23af112 which made curl_global_init/cleanup thread-safe.
5674 Closes https://github.com/curl/curl/pull/9016
5676 - curl_easy_pause.3: remove explanation of progress function
5678 - Remove misleading text that says progress function "gets called at
5679 least once per second, even if the connection is paused."
5681 The progress function behavior is more nuanced and the user is better
5682 served reading the progress function doc rather than attempt to explain
5683 it in the curl_easy_pause doc.
5685 The progress function can only be called at least once per second if an
5686 appropriate multi transfer function is called (eg curl_multi_perform) in
5687 that time. For a paused transfer there may not be such a call. Rather
5688 than explain this in detail in the curl_easy_pause doc, rely on the user
5689 reading the CURLOPT_PROGRESSFUNCTION doc.
5691 Ref: https://github.com/curl/curl/issues/8983
5693 Closes https://github.com/curl/curl/pull/9015
5695 Daniel Stenberg (15 Jun 2022)
5696 - libssh: skip the fake-close when libssh does the right thing
5698 Starting in libssh 0.10.0 ssh_disconnect() will no longer close our
5699 socket. Instead it will be kept alive as we want it, and it is our
5700 responsibility to close it later.
5703 Ref: https://gitlab.com/libssh/libssh-mirror/-/merge_requests/240
5706 - configure: warn about rustls being experimental
5708 Right now a dozen test cases are disabled because they don't work with
5713 - runtests: skip starting the ssh server if user name is lacking
5715 Because the ssh server startup script *requires* a user name there's no
5716 point in invoking it if no name was found.
5718 Reported-by: Ricardo M. Correia
5722 - copyright.pl: parse and use .reuse/dep5 for skips
5724 Also scan skipped files to be able to find superfluous ignores, shown with -v.
5728 - reuse/dep5: adjusted to parse better
5730 ... adjusted a few files to contain copyright and license info.
5734 - buildconf.bat: update copyright year range
5738 - README.md: use the common "Copyright" style formatting
5742 - reuse: move license info from .mailmap.license to .reuse/dep5
5746 - README.md: add a REUSE badge
5750 - .reuse/dep5: remove recursive docs ignore, only skip markdown files
5752 ... and some additional non-markdown individual files in docs/
5756 - docs/cmdline-opts: add copyright and license identifier to each file
5758 gen.pl now insists on C: and SPDX-License-Identifier: fields to be
5759 present in all files.
5763 - copyright: info for/ignore .github/ISSUE_TEMPLATE/bug_report.md
5765 Follow-up from 448f7ef9ab2afb7. The adding of the copyright text in that
5766 file broke site functionality.
5770 - bug_report.md: revert the REUSE template to see if it works again
5772 Viktor Szakats (13 Jun 2022)
5773 - version: rename threadsafe-init to threadsafe
5775 Referring to Daniel's article [1], making the init function thread-safe
5776 was the last bit to make libcurl thread-safe as a whole. So the name of
5777 the feature may as well be the more concise 'threadsafe', also telling
5778 the story that libcurl is now fully thread-safe, not just its init
5779 function. Chances are high that libcurl wants to remain so in the
5780 future, so there is little likelihood of ever needing any other distinct
5781 `threadsafe-<name>` feature flags.
5783 For consistency we also shorten `CURL_VERSION_THREADSAFE_INIT` to
5784 `CURL_VERSION_THREADSAFE`, update its description and reference libcurl's
5785 thread safety documentation.
5787 [1]: https://daniel.haxx.se/blog/2022/06/08/making-libcurl-init-more-thread-safe/
5789 Reviewed-by: Daniel Stenberg
5790 Reviewed-by: Jay Satiro
5793 Daniel Stenberg (13 Jun 2022)
5794 - test3026: disable on win32
5796 ... as it's not likely to have working pthreads
5800 - GHA: shorten the reuse CI job name
5802 "REUSE compliance / check" should be good enough
5806 - misc: add missing SPDX-License-Identifier info
5808 For some reason the REUSE CI job did not find these.
5812 - copyright: verify SPDX-License-Identifier presence as well
5814 - easy_lock: add SPDX license identifier
5820 - [Max Mehl brought this change]
5822 git: ignore large commit making the curl REUSE compliant
5824 - [Max Mehl brought this change]
5826 copyright: make repository REUSE compliant
5828 Add licensing and copyright information for all files in this repository. This
5829 either happens in the file itself as a comment header or in the file
5832 This commit also adds a Github workflow to check pull requests and adapts
5833 copyright.pl to the changes.
5837 - curl_url_set.3: clarify by default using known schemes only
5841 - scripts/copyright.pl: ignore leading spaces
5843 Viktor Szakats (10 Jun 2022)
5844 - ngtcp2: fix typo in preprocessor condition
5846 Ref: 927ede7edcb7b05b8e8bbf9ced6aed523ae594a7
5848 Bug: https://github.com/curl/curl/pull/8981#discussion_r894312185
5849 Reported-by: Emil Engler
5852 Daniel Stenberg (10 Jun 2022)
5853 - RELEASE-NOTES: synced
5855 - [Tatsuhiro Tsujikawa brought this change]
5857 ngtcp2: build without sendmsg
5861 - [Tatsuhiro Tsujikawa brought this change]
5863 ngtcp2: use handshake helper funcs to simplify TLS handshake integration
5867 - test390: verify --parallel
5871 - test1543: verify CURLINFO_EFFECTIVE_URL with CURLOPT_CURLU set
5873 Triggered by a bug report from Adam Light:
5874 https://curl.se/mail/lib-2022-06/0013.html - which ended up being mostly
5875 a misunderstanding of how CURLINFO_EFFECTIVE_URL works.
5879 - url: URL encode the path when extracted, if spaces were set
5881 - urlapi: support CURLU_URLENCODE for curl_url_get()
5883 - server/sws: support spaces in the HTTP request path
5885 - tests/getpart: fix getpartattr to work with "data" and "data2"
5887 - select: return error from "lethal" poll/select errors
5889 Adds two new error codes: CURLE_UNRECOVERABLE_POLL and
5890 CURLM_UNRECOVERABLE_POLL one each for the easy and the multi interfaces.
5892 Reported-by: Harry Sintonen
5896 - test3026: add missing control file
5898 Follow-up from 2ed101256414ea5
5900 Makes the test run, makes 'make dist' work
5902 This single test takes 24-25 seconds on my machine (with valgrind). For
5903 this reason I tag it with a "slow" keyword.
5907 - runtests: fix skipping tests not done event-based
5909 ... and call timestampskippedevents() to avoid the flood of
5910 uninitialized variable warnings.
5914 - transfer: maintain --path-as-is after redirects
5916 Reported-by: Marcus T
5920 - test391: verify --path-as-is with redirect
5922 Jay Satiro (8 Jun 2022)
5923 - curl_global_init.3: Separate the Windows loader lock warning
5925 This is a slight correction of the parent commit which implied the
5926 loader lock warning only applied if not thread-safe. In fact the loader
5927 lock warning applies either way.
5929 Ref: https://github.com/curl/curl/pull/8972#discussion_r891987030
5931 Daniel Stenberg (8 Jun 2022)
5932 - curl_global_init.3: this is now (usually) thread-safe
5934 Follow-up to 23af112f5556
5938 Jay Satiro (8 Jun 2022)
5939 - [Haxatron brought this change]
5941 libcurl-security.3: Document CRLF header injection
5943 - Document that user input to header options is not sanitized, which
5944 could result in CRLF used to modify the request in a way other than
5947 Ref: https://hackerone.com/reports/1589877
5948 Ref: https://medium.com/@tomnomnom/crlf-injection-into-phps-curl-options-e2e0d7cfe545
5950 Closes https://github.com/curl/curl/pull/8964
5952 - CURLOPT_RANGE.3: remove ranged upload advice
5954 The e-mail link in the advice contains instructions that are prone to
5955 error. We need an example that works and can demonstrate how to properly
5956 perform a ranged upload, and then we can refer to that example instead.
5958 Bug: https://github.com/curl/curl/issues/8969
5959 Reported-by: Simon Berger
5961 Closes https://github.com/curl/curl/pull/8970
5963 Daniel Stenberg (7 Jun 2022)
5964 - [Thomas Guillem brought this change]
5966 curl_version_info: add CURL_VERSION_THREADSAFE_INIT
5968 This flag can be used to make sure that curl_global_init() is
5971 This can be useful for libraries that can't control what other
5972 dependencies are doing with Curl.
5976 - [Thomas Guillem brought this change]
5978 lib: make curl_global_init() threadsafe when possible
5980 Use a posix pthread or a Windows SRWLOCK to lock curl_global_init*() and
5981 curl_global_cleanup().
5985 - RELEASE-NOTES: synced
5987 - [Fabian Keil brought this change]
5989 test414: add the '--resolve' keyword
5991 ... so the test can be automatically skipped when
5992 using an external proxy like Privoxy.
5996 - [Fabian Keil brought this change]
5998 test{440,441,493,977}: add "HTTP proxy" keywords
6000 ... so the tests can be automatically skipped when
6001 using an external proxy like Privoxy.
6005 - [Fabian Keil brought this change]
6007 runtests.pl: add the --repeat parameter to the --help output
6011 - [Fabian Keil brought this change]
6013 test 2081: add a valid reply for the second request
6015 ... so the test works when using a HTTP proxy like
6016 Privoxy that sends an error message if the server
6021 - [Fabian Keil brought this change]
6023 test 675: add missing CR so the test passes when run through Privoxy
6027 - ftp: when failing to do a secure GSSAPI login, fail hard
6029 ... instead of switching to cleartext. For the sake of security.
6031 Reported-by: Harry Sintonen
6032 Bug: https://hackerone.com/reports/1590102
6035 - http2: reject overly many push-promise headers
6037 Getting more than a thousand of them is rather a sign of some kind of
6040 Reported-by: Harry Sintonen
6041 Bug: https://hackerone.com/reports/1589847
6044 - [Fabian Keil brought this change]
6046 misc: spelling improvements
6050 - [Tatsuhiro Tsujikawa brought this change]
6052 ngtcp2: fix assertion failure on EMSGSIZE
6056 - easy/transfer: fix cookie-disabled build
6058 Follow-up from 45de940cebf6a
6059 Reported-by: Marcel Raad
6063 - examples/crawler.c: use the curl license
6065 With permission from Jeroen Ooms
6067 URL: https://github.com/curl/curl/pull/8869#issuecomment-1144742731
6070 - speed-limit/time.d: mention these affect transfers in either direction
6072 Reported-by: Ladar Levison
6076 - scripts/copyright.pl: fix the exclusion to not ignore man pages
6081 - examples: remove fopen.c and rtsp.c
6083 To simplify the license situation, as they were the only files in the
6084 source tree using these specific BSD-3 clause licenses.
6086 For an fopen style API, we recommend instead going
6087 https://github.com/curl/fcurl
6092 - [Wolf Vollprecht brought this change]
6094 netrc: check %USERPROFILE% as well on Windows
6098 - CURLOPT_SSH_HOSTKEYDATA/FUNCTION.3: minor polish
6100 - [michael musset brought this change]
6102 libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION
6104 The callback set by CURLOPT_SSH_HOSTKEYFUNCTION is called to check
6105 wether or not the connection should continue.
6107 The host key is passed in argument with a custom handle for the
6110 It overrides CURLOPT_SSH_KNOWNHOSTS
6114 - docs/CONTRIBUTE.md: document the 'needs-votes' concept
6116 A pull request sent to the project might get labeled `needs-votes` by a
6117 project maintainer. This label means that in addition to meeting all
6118 other checks and qualifications this pull request must also receive
6119 proven support/thumbs-ups from more community members to be considered
6124 - [Evgeny Grin (Karlson2k) brought this change]
6126 digest: tolerate missing "realm"
6128 Server headers may not define "realm", avoid NULL pointer dereference
6133 - [Evgeny Grin (Karlson2k) brought this change]
6135 digest: added detection of more syntax error in server headers
6137 Invalid headers should not be processed otherwise they may create
6142 - [Evgeny Grin (Karlson2k) brought this change]
6144 digest: unquote realm and nonce before processing
6146 RFC 7616 (and 2617) requires values to be "unquoted" before used for
6147 digest calculations. The only place where unquoting can be done
6148 correctly is header parsing function (realm="DOMAIN\\host" and
6149 realm=DOMAN\\host are different realms).
6151 This commit adds unquoting (de-escaping) of all values during header
6152 parsing and quoting of the values during header forming. This approach
6153 should be most straightforward and easy to read/maintain as all values
6154 are processed in the same way as required by RFC.
6158 - headers: handle unfold of space-cleansed headers
6160 Detected by OSS-fuzz
6162 Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47767
6168 - lib: make more protocol specific struct fields #ifdefed
6170 ... so that they don't take up space if the protocols are disabled in
6175 - DISABLED: disable 1021 for hyper again
6177 due to flakiness in the CI builds
6179 - urldata: store tcp_keepidle and tcp_keepintvl as ints
6181 They can't be set larger than INT_MAX in the setsocket API calls.
6183 Also document the max values in their respective man pages.
6187 - urldata: reduce size of a few struct fields
6189 When the values are never larger than 32 bit, ints are better than longs.
6193 - urldata: remove three unused booleans from struct UserDefined
6201 - remote-name.d: mention --output-dir
6203 plus add two see-alsos
6207 Jay Satiro (1 Jun 2022)
6208 - configure: skip libidn2 detection when winidn is used
6210 Prior to this change --with-winidn could be overridden by libidn2
6213 Closes https://github.com/curl/curl/pull/8934
6215 Daniel Stenberg (31 May 2022)
6216 - CURLOPT_FILETIME.3: fix the protocols this works with
6218 - test681: verify --no-remote-name
6220 Follow-up to 83ee5c428d960 (from #8931)
6224 - [Tatsuhiro Tsujikawa brought this change]
6226 ngtcp2: enable Linux GSO
6228 Enable Linux GSO in ngtcp2 QUIC. In order to recover from the
6229 EAGAIN/EWOULDBLOCK by sendmsg with multiple packets in one GSO write,
6230 packet buffer is now held by struct quicsocket. GSO write might fail in
6231 runtime depending on NIC. Disable GSO if sendmsg returns EIO.
6235 - CURLOPT_PORT.3: We discourage using this option
6239 - RELEASE-NOTES: synced
6241 - headers_push: error out if a folded header has no previous header
6243 As that would indicate an illegal header. The fuzzer reached the assert
6244 in unfold_value() proving that this case can happen.
6246 Follow-up to c9b60f005358a364
6250 - [Boris Verkhovskiy brought this change]
6252 curl: re-enable --no-remote-name
6256 - test680: require 'http' since it uses such a URL
6258 Follow-up to d1b376c03524
6260 - CURLOPT_NETRC.3: document the .netrc file format
6262 - test680: verify rejection of malformatted .netrc quoted password
6264 - test679: verify netrc quoted string
6266 - netrc: support quoted strings
6268 The .netrc parser now accepts strings within double-quotes in order to
6269 deal with for example passwords containing white space - which
6270 previously was not possible.
6272 A password that starts with a double-quote also ends with one, and
6273 double-quotes themselves are escaped with backslashes, like \". It also
6274 supports \n, \r and \t for newline, carriage return and tabs
6277 If the password does not start with a double quote, it will end at first
6278 white space and no escaping is performed.
6280 WARNING: this change is not entirely backwards compatible. If anyone
6281 previously used a double-quote as the first letter of their password,
6282 the parser will now get it differently compared to before. This is
6283 highly unfortunate but hard to avoid.
6285 Reported-by: ImpatientHippo on GitHub
6289 - curl_getdate.3: document that some illegal dates pass through
6293 - CI: remove configure --enable-headers-api flags
6295 - headers api: remove EXPERIMENTAL tag
6299 Daniel Gustafsson (30 May 2022)
6300 - cookies: fix documentation comment
6302 Commit 4073cd83b2 added the noexpire parameter to Curl_cookie_add but
6303 missed updating the documentation comment at the head of the file.
6305 Daniel Stenberg (30 May 2022)
6306 - [Marc Hoersken brought this change]
6308 tests/data/test1940: use binary mode for expected stdout
6310 The generated stdout data is written in binary mode with [LF]
6311 line endings, therefore we also need to do a binary comparison.
6313 Assisted-by: Jay Satiro
6314 Assisted-by: Daniel Stenberg
6316 Follow up to c9b60f005358a364cbcddbebd8d12593acffdd84
6320 - CURLINFO_CAINFO/PATH.3: clarify the multiple TLS situation
6322 Spell out the multi-TLS situation.
6324 Reported-by: Dan Fandrich
6328 Jay Satiro (28 May 2022)
6329 - [JustAnotherArchivist brought this change]
6331 tool_getparam: fix --parallel-max maximum value constraint
6333 - Clamp --parallel-max to MAX_PARALLEL (300) instead of resetting to
6336 Previously, --parallel-max 300 would use 300 concurrent transfers, but
6337 --parallel-max 301 would unexpectedly use only 50. This change clamps
6338 higher values to the maximum (ie --parallel-max 301 would use 300).
6340 Closes https://github.com/curl/curl/pull/8930
6342 Daniel Stenberg (27 May 2022)
6343 - curl.1: add a few see also --tls-max
6347 Viktor Szakats (26 May 2022)
6348 - cmake: do not add libcurl.rc to the static libcurl library
6350 Fixes: https://github.com/curl/curl/pull/8918#issuecomment-1138263855
6352 Reviewed-By: Karlson2k@users.noreply.github.com
6355 - cmake: support adding a suffix to the OS value
6357 CMake automatically uses the `CMAKE_SYSTEM_NAME` value to fill the OS
6358 string appearing in the --version output after the curl version number,
6361 'curl 7.83.1 (Windows)'
6363 This patchs adds the ability to pass a suffix that is appended to this
6364 value. It's useful to add CPU info or other platform details,
6367 'curl 7.83.1 (Windows-x64)'
6371 - cmake: enable curl.rc for all Windows targets
6373 Before this patch, it was only enabled for MSVC. This syncs this
6374 configuration with libcurl.rc, which was already included with
6375 every Windows compiler.
6379 - cmake: fix detecting libidn2
6381 Without this patch, libidn2 detection doesn't even seem to be
6382 attempted. With this patch, cmake can be configured to pick it
6383 up and enable it. Necessary configuration remains manual and
6384 differs from most other dependencies.
6386 If you are aware of a better fix, we're glad hearing about it
6391 - version: allow stricmp() for sorting the feature list
6393 In CMakeLists.txt there is an attempt to detect `stricmp()`, and in
6394 certain cases, this attempt is the only successful one to detect a
6395 case-insensitive comparison function. `HAVE_STRICMP` is defined as
6396 a result, but this macro wasn't used anywhere in the source. This
6397 patch makes use of it as an alternative when alpha-sorting the
6398 `--version` feature list.
6400 Reviewed-by: Daniel Stenberg
6403 Daniel Stenberg (25 May 2022)
6404 - DISABLED: add six tests that fail with hyper
6406 1117 1274 1940 1941 1942 1943
6408 - c-hyper: mark status line as status for Curl_client_write()
6410 To make sure the headers API can filter it out as not a regular header.
6412 Reported-by: Gisle Vanem
6416 Marc Hoersken (25 May 2022)
6417 - tests/data/test1501: kill ftp server after slow LIST response
6419 This test is contributing to flakiness on the Windows CI runs.
6420 Killing the ftp server after the test run like other slowness
6421 tests already do may help resolve or reduce the flakiness.
6425 Daniel Stenberg (25 May 2022)
6426 - headers: fix the unfold realloc to use proper new size
6428 Previously it didn't take the old name length into acount
6430 Follow-up to: c9b60f005358a364
6433 Marc Hoersken (25 May 2022)
6434 - GHA: align all install, configure and build steps again
6436 First step towards more unified build steps on GitHub Actions.
6440 - CI/azure: remove obsolete strategy for single builds
6442 This shortens these CI job names on GitHub even more.
6443 Follow up to #8906 which also increased their timeout.
6447 - CI/azure: shorten names of Windows CI jobs
6449 Suggested-by: Daniel Stenberg
6452 Daniel Stenberg (24 May 2022)
6453 - http: restore header folding behavior
6455 Folded header lines will now get passed through like before. The headers
6456 API is adapted and will provide the content unfolded.
6458 Added test 1274 and extended test 1940 to verify.
6460 Reported-by: Petr Pisar
6464 Viktor Szakats (24 May 2022)
6465 - Makefile.m32: delete obsolete options, improve -On [ci skip]
6467 - `-D_AMD64_` has not been necessary for mingw-w64 builds for a long time now.
6468 - `-fno-strict-aliasing` is mentioned for Intel C compiler in autotools, and
6469 I used this with VxWorks in another project, but otherwise this isn't
6470 necessary anymore as a default. If a target still needs it, it can be
6471 added with `CURL_CFLAG_EXTRAS=-fno-strict-aliasing`
6472 - bump up default optimization level to `-O3` (from `-O2`), and also rearrange
6473 option order so the default can now be overridden via
6474 `CURL_CFLAG_EXTRAS`.
6475 - delete `-g` (generate debug info) from `CFLAGS` and `-s` from `LDFLAGS`
6476 (strip debug info). They were working against each other. Now, if someone
6477 needs debug info, it can be enabled via `CURL_CFLAG_EXTRAS=-g`
6481 Daniel Gustafsson (24 May 2022)
6482 - ntlm: fix one more hostname test fallout
6484 This fixup was missed in commit 5a41abef6dca19.
6487 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6489 - doh: remove UNITTEST macro definition
6491 The UNITTEST macro is defined by curl_setup.h so there is no use in
6492 carry a local copy of the logic.
6495 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6497 Daniel Stenberg (24 May 2022)
6498 - cookie: fix false positive "potentially uninitialized local variable"
6500 Reviewed-by: Daniel Gustafsson
6503 - curl: add --rate to set max request rate per time unit
6505 --rate "12/m" - for 12 per minute or
6506 --rate "5/h" - for 5 per hour
6512 - [Jay Satiro brought this change]
6514 max-time.d: clarify max-time sets max transfer time
6516 Prior to this change the doc said --max-time set the maximum time of the
6517 'whole operation' which is not accurate. The option maps to
6518 CURLOPT_TIMEOUT_MS which sets maximum transfer time.
6520 For example, the maximum time on a transfer is reset if the transfer is
6523 Reported-by: Nuru@users.noreply.github.com
6525 Fixes https://github.com/curl/curl/issues/8877
6528 - GHA/hyper: enable debug in the build
6530 - hyper: use 'alt-used'
6532 Makes test 412+413 work
6536 - RELEASE-NOTES: synced
6538 - CURLINFO_CAPATH/CAINFO: get the default CA paths from libcurl
6542 - links: update dead links
6544 The wiki pages are gone, remove and link to more long-living docs.
6548 - ntlm: (void) typecast msnprintf() where we ignore return code
6550 Follow-up to 5a41abef6, to please Coverity
6552 Daniel Gustafsson (22 May 2022)
6553 - ntlm: copy NTLM_HOSTNAME to host buffer
6555 Commit 709ae2454f43 added a fake hostname to avoid leaking the local
6556 hostname, but omitted copying it to the host buffer. Fix by copying
6557 and adjust the test fallout.
6561 Reported-by: Patrick Monnerat <patrick@monnerat.net>
6562 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6564 - configure: use the SED value to invoke sed
6566 Rather than assuming sed in PATH, use the resolved $SED variable
6567 like in all other invocations of sed in configure.
6570 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6571 Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
6573 Daniel Stenberg (20 May 2022)
6574 - [Tatsuhiro Tsujikawa brought this change]
6576 ngtcp2: Allow curl to send larger UDP datagrams
6578 Allow curl to send larger UDP datagram if Path MTU Discovery finds the
6579 availability of larger path MTU. To make it work and not to send
6580 fragmented packet, we need to set DF bit. That makes send(2) fail with
6581 EMSGSIZE if UDP datagram is too large. In that case, just let it be
6582 lost. This patch enables DF bit for Linux only.
6586 - libcurl-security.3: add "Secrets in memory"
6590 - tests: update NTLM tests to use new host name
6592 Also drop the debug requirement, remove the setenv sections, remove
6593 prechecks and add NTLM to the top keywords.
6597 - ntlm: provide a fixed fake host name
6599 The NTLM protocol includes providing the local host name, but apparently
6600 other implementations already provide a fixed fake name instead to avoid
6601 leaking the real local name.
6603 The exact name used is 'WORKSTATION', because Firefox uses that.
6605 The change is written to allow someone to "back-pedal" fairly easy in
6608 Reported-by: Carlo Alberto
6612 Daniel Gustafsson (20 May 2022)
6613 - KNOWN_BUGS: fix typo in problem description
6617 - FEATURES: remove yassl as TLS library for NTLM
6619 yassl was added in commit 9d904ee41b880b but is no longer available
6620 and is thus not a library to use for NTLM. This aligns the FEATURES
6624 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6626 - FEATURES: reorder footnotes
6628 The empty left-behind footnote confused the website rendering into
6629 creating a nested emoty list, making the resulting page look quite
6630 odd. Remove and re-order the remaining ones to avoid a gap in the
6634 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6636 - FAQ: remove opinionated sentence on NTLM
6638 curl is a tool that support many different things, and it doesn't
6639 really seem like our job to tell other what to use (as they might
6640 not have much say in the matter even). Also tidy up wording.
6643 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6645 Viktor Szakats (20 May 2022)
6646 - log2changes: do not indent empty lines [ci skip]
6648 This will omit two spaces of indentation from lines with no content,
6649 thus avoiding 'spaces @ EOL'.
6651 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6654 Daniel Stenberg (19 May 2022)
6655 - wolfssl: correct the failf() message when a handle can't be made
6659 Viktor Szakats (19 May 2022)
6660 - Makefile.m32: delete two obsolete OpenSSL options [ci skip]
6662 - -DOPENSSL_NO_KRB5: No longer used by OpenSSL 1.1.x, 3.x, or
6663 LibreSSL 3.5.x, yet it collides with the latter, which defines
6664 it unconditionally, resulting in this warning:
6665 ../../libressl/include/openssl/opensslfeatures.h:14:9: warning: 'OPENSSL_NO_KRB5' macro redefined [-Wmacro-redefined]
6666 It was originally added to curl in 2004.
6668 - -DHAVE_OPENSSL_PKCS12_H: No longer used by OpenSSL 1.1.x, 3.x, or
6669 LibreSSL back to at least 2.5.5. Originally added in the same
6670 commit as the above, in 2004.
6674 Daniel Stenberg (19 May 2022)
6675 - RELEASE-NOTES: synced
6679 - [Christian Weisgerber via curl-library brought this change]
6681 Makefile.am: fix portability issues
6683 Commit a04f0b961333e1a19848d073d8c7db9c20b2a371 made me notice that
6684 there is a portability issue in curl's top-level Makefile.am.
6686 $< can only be used in rules that deal with .SUFFIXES. Its use
6687 for general prerequisites is a GNU make extension.
6689 $< could be replaced by $?, but I think in an autotools context,
6690 something like this is better:
6692 Bug: https://curl.se/mail/lib-2022-05/0024.html
6695 - [Balakrishnan Balasubramanian brought this change]
6697 socks: support unix sockets for socks proxy
6700 curl -x "socks5h://localhost/run/tor/socks" "https://example.com"
6702 Updated runtests.pl to run a socksd server listening on unix socket
6704 Added tests test1467 test1468
6706 Added documentation for proxy command line option and socks proxy
6711 - [Vincent Torri brought this change]
6713 cmake: add libpsl support
6718 - [Tatsuhiro Tsujikawa brought this change]
6720 ngtcp2: extend QUIC transport parameters buffer
6722 Extend QUIC transport parameters buffer because 64 bytes are too
6723 short for the ever increasing parameters.
6727 - [Tatsuhiro Tsujikawa brought this change]
6729 ngtcp2: handle error from ngtcp2_conn_submit_crypto_data
6733 - [Tatsuhiro Tsujikawa brought this change]
6735 ngtcp2: send appropriate connection close error code
6739 - test1561: adjusted for the cookie fix
6741 - test414: verify secure cookie domain overlay
6743 - [Harry Sintonen brought this change]
6745 cookie: address secure domain overlay
6747 Bug: https://hackerone.com/reports/1560324
6748 Co-authored-by: Daniel Stenberg
6751 - [Frank Gevaerts brought this change]
6753 strcase: some optimisations
6755 Lookup tables for toupper() and tolower() make Curl_strcasecompare()
6756 about 1.5 times faster. Reorganising Curl_strcasecompare() to fully exit
6757 early then also allows simplifying the check at the end, for another
6758 15%. In total, the changes make Curl_strcasecompare() around 1.6 to 1.7
6761 Note that these optimisation assume ASCII. The original
6762 Curl_raw_toupper() and raw_tolower() look like they already made that
6767 - BUG-BOUNTY.md: mention the audit exception
6769 Dedicated - paid for - security audits that are performed in
6770 collaboration with curl developers are not eligible for bounties.
6772 (plus I changed the sub-titles to use ## instead of # in the markdown)
6776 - lib/vssh/wolfssh.h: removed
6780 Reported-by: Illarion Taev
6784 - [Elms brought this change]
6786 wolfSSL: explicitly use compatibility layer
6788 This change removes adding an include `$prefix/wolfssl` or similar to
6789 allow for openssl include aliasing. Include paths of `wolfssl/openssl/`
6790 are used to explicitly use wolfSSL includes. This fixes cmake builds as
6791 well as avoiding potentially using openSSL headers since include path
6792 order is not guaranteed.
6796 - curl: deprecate --random-file and --egd-file
6798 As libcurl no longer has any functionality for them, the tool now does
6803 - opts: deprecate RANDOM_FILE and EGDSOCKET
6805 These two options were only ever used for the OpenSSL backend for
6806 versions before 1.1.0. They were never used for other backends and they
6807 are not used with recent OpenSSL versions. They were never used much by
6810 The defines RANDOM_FILE and EGD_SOCKET can still be set at build-time
6811 for ancient EOL OpenSSL versions.
6815 - [Harry Sintonen brought this change]
6817 bindlocal: don't use a random port if port number would wrap
6819 Earlier if CURLOPT_LOCALPORT + CURLOPT_LOCALPORTRANGE would go past port
6820 65535 the code would fall back to random port rather than giving up.
6824 Daniel Gustafsson (16 May 2022)
6825 - transfer: Fix potential NULL pointer dereference
6827 Commit 0ef54abf5208 accidentally used the conn variable before the
6828 assertion for it being NULL. Fix by moving the assignment which use
6829 conn to after the assertion.
6832 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6834 - docs: clarify data replacement policy for MIME API
6836 The API documentation for the MIME functions specify that the parts
6837 can be set twice, with the last call winning. While true, the user
6838 can set the parts n times for n > 2, reword to specify multiple API
6842 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6844 Daniel Stenberg (16 May 2022)
6845 - [vvb2060 on github brought this change]
6847 ngtcp2: support boringssl crypto backend
6851 - [Tatsuhiro Tsujikawa brought this change]
6853 quic: add Curl_quic_idle
6855 Add Curl_quic_idle which is called when no HTTP level read or write is
6856 performed. It is a good place to handle timer expiry for QUIC transport
6857 (.e.g, retransmission).
6861 - [Gregor Jasny brought this change]
6863 mprintf: ignore clang non-literal format string
6867 - [Nick Zitzmann brought this change]
6869 sectransp: check for a function defined when __BLOCKS__ is undefined
6871 SecTrustEvaluateAsync() is defined in the macOS 10.7 SDK, but it
6872 requires Grand Central Dispatch to be supported by the compiler, and
6873 some third-party macOS compilers do not support Grand Central Dispatch.
6874 SecTrustCopyPublicKey() is not present in macOS 10.6, so this shouldn't
6875 adversely affect anything.
6878 Reported-by: Egor Pugin
6881 Daniel Gustafsson (16 May 2022)
6882 - test412/413: Use version macro for User-Agent
6884 Commit 46d45ea3a incorrectly hardcoded the User-Agent in the test
6885 output file which breaks when curlver is updated. Shift to using
6886 the %VERSION macro instead.
6890 - macos9: remove partial support
6892 The support for compiling on Mac OS 9 hasn't been modified since 2001
6893 and has no active maintainer or packager, so it's time to remove it as
6894 it's incredibly unlikely to work. If a maintainer re-emerges it can be
6895 resurrected from Git history.
6898 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6900 Daniel Stenberg (16 May 2022)
6901 - test1635: verify --fail-with-body with --retry
6903 Almost a dupe of 1634
6907 - tool_operate: make sure --fail-with-body works with --retry
6909 ... in the same way --fail already does.
6911 Reported-by: Jakub Bochenski
6915 - [Tatsuhiro Tsujikawa brought this change]
6917 ngtcp2: Correct use of ngtcp2 and nghttp3 signed integer types
6921 - [Tatsuhiro Tsujikawa brought this change]
6923 ngtcp2: Fix alert_read_func return value
6927 - [Harry Sintonen brought this change]
6929 Curl_parsenetrc: don't access local pwbuf outside of scope
6931 Accessing local variables outside of the scope is forbidden and
6932 depending on the compiler can result in the value being
6933 overwritten. Fixed by moving the pwbuf to be in scope.
6937 - RELEASE-NOTES: synced
6939 and bump curlver to 7.83.2 for now (but likely to become 7.84.0 soon)
6941 - [Frazer Smith brought this change]
6943 ci: update github actions
6945 - bump actions/checkout from 2 to 3
6946 - bump actions/upload-artifact from 1 to 3
6947 - bump github/codeql-actions from 1 to 2
6948 - use version tag for actions/checkout
6952 - test1919: verify CURLOPT_XOAUTH2_BEARER leak fix
6954 - url: free old conn better on reuse
6956 Make use of conn_free() better and avoid duplicate code.
6958 Reported-by: Andrea Pappacoda
6962 Jay Satiro (14 May 2022)
6963 - FAQ: Clarify Windows double quote usage
6965 - Windows command prompt doesn't use literal quoting via single quotes.
6967 - Windows command prompt inner double quotes are escaped with a
6970 - Windows powershell does use single quotes but curl is not a powershell
6971 script so the arguments may not be passed on correctly.
6973 - Windows powershell inner double quotes seems can be passed to curl if
6974 the outer quotes are double quotes and an escape of backslash-backtick
6977 Command prompt example:
6980 getargs -v -d "\"a\""
6988 Ref: https://github.com/curl/curl/issues/8818
6989 Ref: https://gist.github.com/jay/19aba48653bd591cf4b90eb9249a302c
6991 Reported-by: KotlinIsland@users.noreply.github.com
6993 Closes https://github.com/curl/curl/pull/8823
6995 Daniel Stenberg (12 May 2022)
6996 - github/workflows/nss: apt update first
6998 Fix "libnss3-dev_3.49.1-1ubuntu1.6_amd64.deb 404 Not Found"
7002 - page-footer: mention exit code zero too
7004 Success (zero) is also an "exit code" worth mentioning.
7008 Daniel Gustafsson (12 May 2022)
7009 - gssapi: initialize gss_buffer_desc strings
7011 Explicitly initialize gss_buffer_desc strings such that a call to
7012 freeing resources will succeed even if no data has been allocated
7015 Reported-by: Jay Satiro <raysatiro@yahoo.com>
7017 - gssapi: improve handling of errors from gss_display_status
7019 In case gss_display_status() returns an error, avoid trying to add
7020 it to the buffer as the message may well be a NULL pointer.
7022 Originally this fix comes from a discussion in issue #8816.
7025 Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
7027 Jay Satiro (12 May 2022)
7028 - [steini2000 brought this change]
7030 http2: always debug print stream id in decimal with %u
7032 Prior to this change the stream id shown could be hex or decimal which
7033 was inconsistent and confusing.
7035 Closes https://github.com/curl/curl/pull/8808
7037 Kamil Dudka (11 May 2022)
7038 - url: remove redundant #ifdefs in allocate_conn()
7040 No change in behavior intended by this commit.
7042 Daniel Stenberg (11 May 2022)
7043 - [Fabian Keil brought this change]
7045 tests 266, 116 and 1540: add a small write delay
7047 This makes it more likely that the trailer is received
7048 seperately from the last-chunk.
7050 curl doesn't seem to care about this but it makes the tests
7051 more useful when testing external proxies like Privoxy.
7053 - [Fabian Keil brought this change]
7055 tests 1117,1238,1523: adjust writedelay servercmds
7057 ... so the delays are the same now that the unit
7060 - [Fabian Keil brought this change]
7062 tests/server/sws.c: change the HTTP writedelay unit to milliseconds
7064 This allows to use write delays for large responses without
7065 resulting in the test taking an unreasonable amount of time.
7067 In many cases delaying writes by a whole second or more isn't
7068 necessary for the desired effect.
7072 Daniel Gustafsson (11 May 2022)
7073 - aws-sigv4: fix potentional NULL pointer arithmetic
7075 We need to check if the strchr() call returns NULL (due to missing
7076 char) before we use the returned value in arithmetic. There is no
7077 live bug here, but fixing it before it can become for hygiene.
7080 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
7082 Daniel Stenberg (11 May 2022)
7083 - quiche: support ca-fallback
7085 Follow-up to b01f3e679f4c1ea3 which added this for ngtcp2/openssl
7087 Removed from KNOWN_BUGS
7092 Daniel Gustafsson (11 May 2022)
7093 - x509asn1: mark msnprintf return as unchecked
7095 We have lots of unchecked msnprintf calls, and this particular msnprintf
7096 call isn't more interesting than the others, but this one yields a Coverity
7097 warning so let's implicitly silence it. Going over the other invocations
7098 is probably a worthwhile project, but for now let's keep the static
7102 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
7104 Version 7.83.1 (11 May 2022)
7106 Daniel Stenberg (11 May 2022)
7107 - RELEASE-NOTES: synced
7111 - THANKS: added contributors from 7.83.1
7113 - zuul: fix the ngtcp2-gnutls build
7115 Add packages and tweak the configure options.
7117 Use the GnuTLS 3.7.4 branch (not main).
7121 - [Tatsuhiro Tsujikawa brought this change]
7123 ngtcp2: add ca-fallback support for OpenSSL backend
7127 - url: check SSH config match on connection reuse
7131 Reported-by: Harry Sintonen
7132 Bug: https://curl.se/docs/CVE-2022-27782.html
7135 - tls: check more TLS details for connection reuse
7139 Reported-by: Harry Sintonen
7140 Bug: https://curl.se/docs/CVE-2022-27782.html
7143 - cookies: make bad_domain() not consider a trailing dot fine
7145 The check for a dot in the domain must not consider a single trailing
7146 dot to be fine, as then TLD + trailing dot is fine and curl will accept
7147 setting cookies for it.
7151 Reported-by: Axel Chong
7152 Bug: https://curl.se/docs/CVE-2022-27779.html
7155 - test977: reproduce ability to set cookie on TLD
7157 When PSL is not enabled
7159 - scripts/contributors.sh: correct the copyright range
7161 - docs/RELEASE-PROCEDURE.md: refreshed and adjsuted the release dates
7163 - test379: verify --remove-on-error with --no-clobber
7165 - post_per_transfer: remove the updated file name
7167 When --remove-on-error is used with --no-clobber, it might have an
7168 updated file name to remove.
7170 Bug: https://curl.se/docs/CVE-2022-27778.html
7174 Reported-by: Harry Sintonen
7178 - hsts: ignore trailing dots when comparing hosts names
7182 Reported-by: Axel Chong
7183 Bug: https://curl.se/docs/CVE-2022-30115.html
7186 - test440/441: verify HSTS with trailing dots
7188 - libtest/lib1560: verify the host name percent decode fix
7190 - urlapi: reject percent-decoding host name into separator bytes
7194 Reported-by: Axel Chong
7195 Bug: https://curl.se/docs/CVE-2022-27780.html
7198 - nss: return error if seemingly stuck in a cert loop
7202 Reported-by: Florian KohnhƤuser
7203 Bug: https://curl.se/docs/CVE-2022-27781.html
7206 - test412/413: verify alt-svc with trailing dots
7208 - altsvc: fix host name matching for trailing dots
7212 - [Garrett Squire brought this change]
7216 This change fixes the hyper API such that PUT requests that receive a
7217 417 response can retry without the Expect header.
7221 - [Harry Sintonen brought this change]
7223 sectransp: bail out if SSLSetPeerDomainName fails
7225 Before the code would just warn about SSLSetPeerDomainName() errors.
7229 - http_proxy/hyper: handle closed connections
7231 Enable test 1021 for hyper builds.
7233 Patched-by: Prithvi MK
7237 - KNOWN_BUGS: timeout when reusing a http3 connection
7241 - KNOWN_BUGS: configure --with-ca-fallback is not supported by h3
7245 - [Ryan Schmidt brought this change]
7247 Makefile: fix "make ca-firefox"
7251 Daniel Gustafsson (5 May 2022)
7252 - tests: fix markdown formatting in README
7254 The asterisk in the abbreviation *NIX (for UNIX/Linux) needs to be
7255 escaped to not mean start of italic formatting. This is consistent
7256 with docs/RELEASE-PROCEDURE.md.
7259 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
7261 Daniel Stenberg (5 May 2022)
7262 - TODO: expand on "Expose tried IP addresses that failed"
7266 Daniel Gustafsson (5 May 2022)
7267 - [Fabian Keil brought this change]
7269 tests/server: declare variable 'reqlogfile' static
7271 Silences the warning:
7274 socksd.c:143:13: warning: no previous extern declaration for
7275 non-static variable 'reqlogfile' [-Wmissing-variable-declarations]
7276 const char *reqlogfile = DEFAULT_REQFILE;
7278 socksd.c:143:7: note: declare 'static' if the variable is not
7279 intended to be used outside of this translation unit
7280 const char *reqlogfile = DEFAULT_REQFILE;
7282 1 warning generated.
7284 ... when compiling with clang 13.
7287 Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
7289 - HTTP-COOKIES: add missing CURLOPT_COOKIESESSION
7291 Commit 980a47b42 added support for ignoring session cookies, but it
7292 was never added to the documentation.
7295 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
7297 Daniel Stenberg (5 May 2022)
7298 - docs/THANKS: remove name duplicate
7300 - [Philip Heiduck brought this change]
7306 Jay Satiro (5 May 2022)
7307 - mbedtls: fix some error messages
7309 Prior to this change some of the error messages misidentified the
7310 function that failed.
7312 Daniel Stenberg (5 May 2022)
7313 - RELEASE-NOTES: synced
7315 - [Sergey Markelov brought this change]
7317 x509asn1: make do_pubkey handle EC public keys
7321 - [Harry Sintonen brought this change]
7323 mbedtls: bail out if rng init fails
7325 There was a failf() call but no actual error return.
7329 - [Sergey Markelov brought this change]
7331 urlapi: address (harmless) UndefinedBehavior sanitizer warning
7333 `while(i--)` causes runtime error: unsigned integer overflow: 0 - 1
7334 cannot be represented in type 'size_t' (aka 'unsigned long')
7338 - [Fabian Keil brought this change]
7340 test{898,974,976}: add 'HTTP proxy' keywords
7342 ... so the tests can be automatically skipped when
7343 testing external HTTP proxies like Privoxy.
7347 - [Harry Sintonen brought this change]
7349 gskit_connect_step1: fixed bogus setsockopt calls
7351 setsockopt takes a reference to value, not value. With the current
7352 code this just leads to -1 return value with errno EFAULT.
7356 - CURLOPT_SSH_AUTH_TYPES.3: fix the default
7358 The default is all possible methods.
7362 - CURLOPT_DOH_URL.3: mention the known bug
7364 It is mostly duplicating info from KNOWN_BUGS but make it easier to find
7365 for users of this option.
7369 - CURLOPT_HSTS*FUNCTION.3: document the involved structs as well
7371 Reviewed-By: Daniel Gustafsson
7374 - docs/SECURITY-PROCESS.md: "Visible command line arguments"
7376 - SECURITY-PROCESS: mention "URL inconsistencies"
7378 ... as common problems that are *not* vulns.
7380 Daniel Gustafsson (2 May 2022)
7381 - contributors: strip off final comma
7383 The final row of contributors should not end with a comma as it's the
7387 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
7389 Daniel Stenberg (2 May 2022)
7390 - [Philip Heiduck brought this change]
7392 misc: use "autoreconf -fi" instead buildconf
7394 Signed-off-by: Philip H <47042125+pheiduck@users.noreply.github.com>
7397 Daniel Gustafsson (2 May 2022)
7398 - [Philip Heiduck brought this change]
7400 cirrus: Use pip for Python packages on FreeBSD
7402 Using pip instead of easy_install is more in line with how other
7403 CI images are being maintained.
7406 Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
7408 - [Philip Heiduck brought this change]
7410 cirrus: Update to FreeBSD 12.3
7413 Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
7415 - tool_getparam: simplify conditional statement
7417 param_place cannot be NULL here since we immediately efter this block
7418 perform arithmetic on it (and use it in order to get here) so there is
7419 little reason to check.
7422 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
7424 - RELEASE-NOTES: synced
7426 - gskit: remove unused function set_callback
7428 This function has been unused since the initial commit of the GSKit
7429 backend in 0eba02fd4. The motivation for the code was getting the
7430 whole certificate chain: the only place where the latter is available
7431 is as a callback parameter. Unfortunately it is not possible to pass
7432 a user pointer to this callback, which precludes the possibility to
7433 associate the cert chain with a data/conn structure.
7435 For further information, search for pgsk_cert_validation_callback on:
7436 https://www.ibm.com/docs/api/v1/content/ssw_ibm_i_71/apis/gsk_attribute_set_callback.htm
7438 As the upstream library never added a parameter like that to the API,
7439 we give up the wait and remove the dead code.
7442 Reviewed-by: Patrick Monnerat <patrick@monnerat.net>
7444 - curl: free resource in error path
7446 If the new filename cannot be generated due to memory pressure, free
7447 the allocated aname on the way out to avoid a small leak.
7450 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
7452 - curl: guard against size_t wraparound in no-clobber code
7454 When generating the new filename, make sure we aren't overflowing the
7455 size_t limit when calculating the new length. This is mostly academic
7456 but good code hygeine nonetheless.
7459 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
7461 Daniel Stenberg (30 Apr 2022)
7466 - scripts/cijobs.pl: try "current branch" first then "master"
7468 - [Yusuke Nakamura brought this change]
7470 msh3: get msh3 version from MsH3Version
7474 - [Yusuke Nakamura brought this change]
7476 msh3: psss remote_port to MsH3ConnectionOpen
7478 MsH3 supported additional "Port" parameter to connect not hosted on
7479 443 port QUIC website.
7481 * https://github.com/nibanks/msh3/releases/tag/v0.3.0
7482 * https://github.com/nibanks/msh3/pull/37
7486 - [Christian Weisgerber brought this change]
7488 openssl: define HAVE_SSL_CTX_SET_EC_CURVES for libressl
7490 SSL_CTX_set1_curves_list() has been available since LibreSSL 2.5.3,
7491 released five years ago.
7493 Bug: https://curl.se/mail/lib-2022-04/0059.html
7496 - http: move Curl_allow_auth_to_host()
7498 It was mistakenly put within the CURL_DISABLE_HTTP_AUTH #ifdef
7500 Reported-by: Michael Olbrich
7504 Daniel Gustafsson (29 Apr 2022)
7505 - msh3: print boolean value as text representation
7507 Print the boolean value as its string representation instead of with
7508 %hhu which isn't a format we typically use.
7511 Reviewed-by: Nick Banks <nibanks@microsoft.com>
7513 Daniel Stenberg (29 Apr 2022)
7514 - data/test376: set a proper name
7516 - GHA/mbedtls: enabled nghttp2 in the build
7520 - mbedtls: fix compile when h2-enabled
7523 Reported-by: LigH-de on github
7526 - RELEASE-NOTES: synced
7528 bumped curlver to 7.83.1-dev
7530 - SECURITY-PROCESS: extended
7532 Also clarify BUG-BOUNTY.md with IBB details.
7536 - [Adam Rosenfield brought this change]
7538 conn: fix typo 'connnection' -> 'connection' in two function names
7542 Version 7.83.0 (27 Apr 2022)
7544 Daniel Stenberg (27 Apr 2022)
7545 - RELEASE-NOTES: synced
7549 - docs/THANKS: contributors from 7.83.0
7551 - test 898/974/976: require proxy to run
7554 Reported-by: Marc Hƶrsken
7557 - gnutls: don't leak the SRP credentials in redirects
7559 Follow-up to 620ea21410030 and 139a54ed0a172a
7561 Reported-by: Harry Sintonen
7564 - CURLOPT*TLSAUTH: they only work with OpenSSL or GnuTLS
7568 - openssl: don't leak the SRP credentials in redirects either
7570 Follow-up to 620ea21410030
7572 Reported-by: Harry Sintonen
7575 - [Liam Warfield brought this change]
7577 hyper: fix tests 580 and 581 for hyper
7579 Hyper now has the ability to preserve header order. This commit adds a
7580 few lines setting the connection options for this feature.
7582 Related to issue #8617
7585 - conncache: remove name arg from Curl_conncache_find_bundle
7587 To simplify, and also since the returned name is not the full actual
7588 name used for the check. The port number and zone id is also involved,
7589 so just showing the name is misleading.
7593 - tests: verify the fix for CVE-2022-27774
7595 - Test 973 redirects from HTTP to FTP, clear auth
7596 - Test 974 redirects from HTTP to HTTP different port, clear auth
7597 - Test 975 redirects from HTTP to FTP, permitted to keep auth
7598 - Test 976 redirects from HTTP to HTTP different port, permitted to keep
7601 - transfer: redirects to other protocols or ports clear auth
7603 ... unless explicitly permitted.
7605 Bug: https://curl.se/docs/CVE-2022-27774.html
7606 Reported-by: Harry Sintonen
7609 - connect: store "conn_remote_port" in the info struct
7611 To make it available after the connection ended.
7613 - cookie.d: clarify when cookies are always sent
7615 - test898: verify the fix for CVE-2022-27776
7617 Do not pass on Authorization headers on redirects to another port
7619 - http: avoid auth/cookie on redirects same host diff port
7623 Reported-by: Harry Sintonen
7624 Bug: https://curl.se/docs/CVE-2022-27776.html
7627 - libssh2: make the md5 comparison fail if wrong length
7629 Making it just skip the check unless exactly 32 is too brittle. Even if
7630 the docs says it needs to be exactly 32, it is be safer to make the
7631 comparison fail here instead.
7633 Reported-by: Harry Sintonen
7634 Bug: https://hackerone.com/reports/1549461
7637 - conncache: include the zone id in the "bundle" hashkey
7639 Make connections to two separate IPv6 zone ids create separate
7642 Reported-by: Harry Sintonen
7643 Bug: https://curl.se/docs/CVE-2022-27775.html
7646 - [Patrick Monnerat brought this change]
7648 url: check sasl additional parameters for connection reuse.
7650 Also move static function safecmp() as non-static Curl_safecmp() since
7651 its purpose is needed at several places.
7653 Bug: https://curl.se/docs/CVE-2022-22576.html
7659 - libssh2: compare sha256 strings case sensitively
7661 Reported-by: Harry Sintonen
7662 Bug: https://hackerone.com/reports/1549435
7665 - tool_getparam: error out on missing -K file
7667 Add test 411 to verify.
7669 Reported-by: Median Median Stride
7670 Bug: https://hackerone.com/reports/1542881
7673 - [Tatsuhiro Tsujikawa brought this change]
7675 ngtcp2: deal with sub-millisecond timeout
7679 - misc: update copyright year ranges
7681 - c_escape: escape '?' in generated --libcurl code
7683 In order to avoid the risk of it being used in an accidental trigraph in
7686 Reported-by: Harry Sintonen
7687 Bug: https://hackerone.com/reports/1548535
7690 - [Philip Heiduck brought this change]
7692 mlc: curl.zuul.vexxhost.dev is reachable again
7694 remove it from ignorelist for linkcheck
7698 - [Tatsuhiro Tsujikawa brought this change]
7700 ngtcp2: avoid busy loop in low CWND situation
7704 - TODO: telnet - exit immediately upon connection if stdin is /dev/null
7706 Suggested-by: Robin A. Meade
7707 URL: https://curl.se/mail/archive-2022-04/0027.html
7709 - [Kushal Das brought this change]
7711 docs: updates spellings with full words
7715 - tests/FILEFORMAT.md: spellfix
7717 Daniel Gustafsson (21 Apr 2022)
7720 Fix a few random typos is comments and workflow names.
7722 - macos: fix .plist installation into framework
7724 The copy command introduced in e498a9b1f had leftover '>' from the
7725 previous sed command it replaced, which broke its syntax. Fix by
7728 Reported-by: Emanuele Torre <torreemanuele6@gmail.com>
7730 Daniel Stenberg (21 Apr 2022)
7731 - [Christopher Degawa brought this change]
7733 Makefile: fix ca-bundle due to mk-ca-bundle.pl being moved
7735 The script was moved in 8e22fc68e7dda43e9f but the lines that called it
7736 was not changed to reflect it's new position
7738 Signed-off-by: Christopher Degawa <ccom@randomderp.com>
7742 Daniel Gustafsson (20 Apr 2022)
7743 - macos: set .plist version in autoconf
7745 Set the libcurl version in libcurl.plist like how libcurl.vers is
7749 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
7750 Reviewed-by: Nick Zitzmann <nickzman@gmail.com>
7752 - cookies: Improve errorhandling for reading cookiefile
7754 The existing programming had some issues with errorhandling for reading
7755 the cookie file. If the file failed to open, we would silently ignore it
7756 and continue as if there was no file (or stdin) passed. In this case, we
7757 would also call fclose() on the NULL FILE pointer, which is undefined
7758 behavior. Fix by ensuring that the FILE pointer is set before calling
7759 fclose on it, and issue a warning in case the file cannot be opened.
7760 Erroring out on nonexisting file would break backwards compatibility of
7761 very old behavior so we can't really go there.
7764 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
7765 Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
7767 Daniel Stenberg (20 Apr 2022)
7768 - libcurl-tutorial.3: spellfix and minor polish
7770 - CURLINFO_PRIMARY_PORT.3: spellfix
7772 Reported-by: Patrick Monnerat
7774 - [Jay Dommaschk brought this change]
7776 libssh: fix double close
7778 libssh closes the socket in ssh_diconnect() so make sure that libcurl
7779 does not also close it.
7784 Jay Satiro (20 Apr 2022)
7785 - [Gisle Vanem brought this change]
7787 unit1620: call global_init before calling Curl_open
7789 Curl_open calls the resolver init and on Windows if the resolver backend
7790 is c-ares then the Windows sockets library (winsock) must already have
7791 been initialized (via global init).
7793 Ref: https://github.com/curl/curl/pull/8540#issuecomment-1059771800
7795 Closes https://github.com/curl/curl/pull/8719
7797 Daniel Stenberg (19 Apr 2022)
7798 - CURLINFO_PRIMARY_PORT.3: clarify which port this is
7800 As it was not entirely clear previously.
7804 - CURLOPT_UNRESTRICTED_AUTH.3: extended explanation
7806 Include details about Authentication headers.
7808 Reported-by: Brad Spencer
7812 - .github/workflows/macos.yml: add a libssh job with c-ares
7814 ... to enable the memdebug system
7818 - RELEASE-NOTES: synced
7820 Jay Satiro (17 Apr 2022)
7821 - [Gisle Vanem brought this change]
7823 docs/HTTP3.md: fix typo
7825 also fix msh3 section formatting
7827 Ref: https://github.com/curl/curl/commit/37492ebb#r70980087
7829 Marc Hoersken (17 Apr 2022)
7830 - timediff.[ch]: add curlx helper functions for timeval conversions
7832 Also move timediff_t definitions from timeval.h to timediff.h and
7833 then make timeval.h include the new standalone-capable timediff.h.
7835 Reviewed-by: Jay Satiro
7836 Reviewed-by: Daniel Stenberg
7841 Daniel Stenberg (17 Apr 2022)
7842 - [Balakrishnan Balasubramanian brought this change]
7844 tests: refactor server/socksd.c to support --unix-socket
7848 - [Emanuele Torre brought this change]
7850 tool_paramhlp: use feof(3) to identify EOF correctly when using fread(3)
7852 This loop was using the number of bytes read from the file as condition
7855 From Linux's fread(3) man page:
7856 > On success, fread() and fwrite() return the number of items read or
7857 > written. This number equals the number of bytes transferred only when
7858 > size is 1. If an error occurs, or the end of the file is reached, the
7859 > return value is a short item count (or zero).
7861 > The file position indicator for the stream is advanced by the number
7862 > of bytes successfully read or written.
7864 > fread() does not distinguish between end-of-file and error, and
7865 > callers must use feof(3) and ferror(3) to determine which occurred.
7867 This means that nread!=0 doesn't make much sense as an end condition for
7868 the loop: nread==0 doesn't necessarily mean that EOF has been reached or
7869 an error has occured (but that is usually the case) and nread!=0 doesn't
7870 necessarily mean that EOF has not been reached or that no read errors
7871 have occured. feof(3) and ferror(3) should be uses when using fread(3).
7873 Currently curl has to performs an extra fread(3) call to get a return
7874 value equal to 0 to stop looping.
7876 This usually "works" (even though nread==0 shouldn't be interpreted as
7877 EOF) if stdin is a pipe because EOF usually marks the "real" end of the
7878 stream, so the extra fread(3) call will return immediately and the extra
7879 read syscall won't be noticeable:
7881 bash-5.1$ strace -e read curl -s -F file=@- 0x0.st <<< a 2>&1 |
7883 read(0, "a\n", 4096) = 2
7884 read(0, "", 4096) = 0
7885 read(0, "", 4096) = 0
7886 http://0x0.st/oRs.txt
7887 +++ exited with 0 +++
7890 But this doesn't work if curl is reading from stdin, stdin is a
7891 terminal, and the EOF is being emulated using a shell with ^D. Two
7892 consecutive ^D will be required in this case to actually make curl stop
7895 bash-5.1$ curl -F file=@- 0x0.st
7898 http://0x0.st/oRs.txt
7901 A possible workaround to this issue is to use a program that handles EOF
7902 correctly to indirectly send data to curl's stdin:
7904 bash-5.1$ cat - | curl -F file=@- 0x0.st
7907 http://0x0.st/oRs.txt
7910 This patch makes curl handle EOF properly when using fread(3) in
7911 file2memory() so that the workaround is not necessary.
7913 Since curl was previously ignoring read errors caused by this fread(3),
7914 ferror(3) is also used in the condition of the loop: read errors and EOF
7915 will have the same meaning; this is done to somewhat preserve the old
7916 behaviour instead of making the command fail when a read error occurs.
7920 - gen.pl: change wording for mutexed options
7922 Instead of saying "This option overrides NNN", now say "This option is
7923 mutually exclusive to NNN" in the generated man page ouput, as the
7924 option does not in all cases actually override the others but they are
7925 always mutually exclusive.
7930 - curl: error out if -T and -d are used for the same URL
7932 As one implies PUT and the other POST, both cannot be used
7935 Add test 378 to verify.
7937 Reported-by: Boris Verkhovskiy
7941 - lib: remove exclamation marks
7943 ... from infof() and failf() calls. Make them less attention seeking.
7947 - fail.d: tweak the description
7949 Reviewed-by: Daniel Gustafsson
7950 Suggested-by: Robert Charles Muir
7951 Ref: https://twitter.com/rcmuir/status/1514915401574010887
7955 Daniel Gustafsson (15 Apr 2022)
7956 - docs: Fix missing semicolon in example code
7958 Multiple share examples were missing a semicolon on the line defining
7959 the CURLSHcode variable.
7962 Reported-by: Michael Kaufmann <mail@michael-kaufmann.ch>
7963 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
7965 - infof: consistent capitalization of warning messages
7967 Ensure that all infof calls with a warning message are capitalized
7968 in the same way. At some point we should probably set up a style-
7969 guide for infof but until then let's aim for a little consistenncy
7973 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
7975 - RELEASE-NOTES: synced
7977 - [Matteo Baccan brought this change]
7979 perl: removed a double semicolon at end of line
7981 Remove double semicolons at end of line in Perl code.
7984 Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
7986 - curl_easy_header: fix typos in documentation
7989 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
7991 Marcel Raad (11 Apr 2022)
7992 - appveyor: add Cygwin build
7994 Closes https://github.com/curl/curl/pull/8693
7996 - appveyor: only add MSYS2 to PATH where required
7998 Closes https://github.com/curl/curl/pull/8693
8000 Daniel Stenberg (10 Apr 2022)
8001 - [Tatsuhiro Tsujikawa brought this change]
8003 ngtcp2: fix memory leak
8007 - [Tatsuhiro Tsujikawa brought this change]
8009 ngtcp2: remove remote_addr which is not used in a meaningful way
8013 - [Tatsuhiro Tsujikawa brought this change]
8015 ngtcp2: enlarge H3_SEND_SIZE
8017 Make h3_SEND_SIZE larger because current value (20KiB) is too small
8018 for the high latency environment.
8022 - [Tatsuhiro Tsujikawa brought this change]
8024 ngtcp2: fix HTTP/3 upload stall and avoid busy loop
8026 This commit fixes HTTP/3 upload stall if upload data is larger than
8027 H3_SEND_SIZE. Only check writability of socket if a stream is
8028 writable to avoid busy loop when QUIC flow control window is filled
8029 up, or upload buffer is full.
8033 - [Nick Banks brought this change]
8035 msh3: add support for QUIC and HTTP/3 using msh3
8037 Considered experimental, as the other HTTP/3 backends.
8041 - TODO: "SFTP with SCP://"
8043 - GHA: move bearssl jobs over from zuul
8047 - data/DISABLED: disable test 313 on bearssl builds
8051 - runtests: add 'bearssl' as testable feature
8055 - GHA: add openssl3 jobs moved over from zuul
8059 - schannel: remove dead code that will never run
8061 As the condition can't ever evaluate true
8063 Reported-by: Andrey Alifanov
8067 - connecache: remove duplicate connc->closure_handle check
8069 The superfluous extra check could cause analyzer false positives
8070 and doesn't serve any purpose.
8074 - [MichaÅ Antoniak brought this change]
8076 mbedtls: remove server_fd from backend
8080 - [Tatsuhiro Tsujikawa brought this change]
8082 ngtcp2: use token when detecting :status header field
8086 - [Tatsuhiro Tsujikawa brought this change]
8088 ngtcp2: make curl 1ms faster
8090 Pass 0 for an already expired timer.
8094 - [Tatsuhiro Tsujikawa brought this change]
8096 ngtcp2: fix QUIC_IDLE_TIMEOUT
8098 QUIC_IDLE_TIMEOUT should be of type ngtcp2_duration which is
8099 nanoseconds resolution.
8103 - English: use American spelling consistently
8105 Authorization, Initialization, Organization etc.
8109 Daniel Gustafsson (5 Apr 2022)
8110 - [Sascha Zengler brought this change]
8112 BUGS: Fix incorrect punctuation
8115 Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
8117 Daniel Stenberg (4 Apr 2022)
8118 - tool_listhelp.c: uppercase URL
8120 - RELEASE-NOTES: synced
8122 - http: streamclose "already downloaded"
8124 Instead of connclose()ing, since when HTTP/2 is used it doesn't need to
8125 close the connection as stopping the current transfer is enough.
8127 Reported-by: Evangelos Foutras
8130 Jay Satiro (1 Apr 2022)
8131 - ftp: fix error message for partial file upload
8133 - Show the count of bytes written on partial file upload.
8135 Prior to this change the error message mistakenly showed the count of
8136 bytes read, not written.
8138 Bug: https://github.com/curl/curl/discussions/8637
8139 Reported-by: Taras Kushnir
8141 Closes https://github.com/curl/curl/pull/8649
8143 Daniel Stenberg (1 Apr 2022)
8144 - http: correct the header error message to say colon
8148 Reported-by: Gisle Vanem
8152 - lib: #ifdef on USE_HTTP2 better
8154 ... as nghttp2 might not be the library that provides HTTP/2 support.
8158 - [MichaÅ Antoniak brought this change]
8160 mbedtls: remove 'protocols' array from backend when ALPN is not used
8164 - http2: RST the stream if we stop it on our own will
8166 For the "simulated 304" case the done-call isn't considered "premature"
8167 but since the server didn't close the stream it needs to be reset to
8168 stop delivering data.
8172 - http: close the stream (not connection) on time condition abort
8176 - http2: handle DONE called for the paused stream
8178 As it could otherwise stall all streams on the connection
8180 Reported-by: Evangelos Foutras
8184 - tls: make mbedtls and NSS check for h2, not nghttp2
8186 This makes them able to also negotiate HTTP/2 even when built to use
8191 - tests/libtest/lib670.c: fixup the copyright year range
8193 follow-up to b54e18640ea4b7
8195 - [Leandro Coutinho brought this change]
8197 lib670: avoid double check result
8201 - vtls: use a generic "ALPN, server accepted" message
8205 - vtls: use a backend standard message for "ALPN: offers %s"
8207 I call it VTLS_INFOF_ALPN_OFFER_1STR, the '1str' meaning that the
8208 infof() call also needs a string argument: the ALPN ID.
8212 - [Christian Schmitz brought this change]
8214 strcase.h: add comment about the return code
8216 Tool often we run into expecting this to work like strcmp, but it
8217 returns 1 instead of 0 for match.
8221 - vtls: provide a unified APLN-disagree string for all backends
8223 Also rephrase to make it sound less dangerous:
8225 "ALPN: server did not agree on a protocol. Uses default."
8227 Reported-by: Nick Coghlan
8231 - projects/README: converted to markdown
8235 - misc: spelling fixes
8237 Mostly in comments but also in the -w documentation for headers_json.
8241 - KNOW_BUGS: HTTP3/Transfer closed with n bytes remaining to read
8243 "HTTP/3 does not support client certs" considered fixed, at least with
8248 - CURLOPT_PREQUOTE.3: only works for FTP file transfers, not dirs
8250 Also add to quote.d. Add to TODO as something to add in a future.
8252 Reported-by: anon00000000 on github
8256 - RELEASE-NOTES: synced
8258 - pop3/smtp: return *WEIRD_SERVER_REPLY when not understood
8260 This leaves the CURLE_RECV_ERROR error code for explicit failure to
8261 receive network data and allows users to better separate the problems.
8264 Reported-by: Rianov Viacheslav
8267 - docs: lots of minor language polish
8269 Mostly based on recent language decisions from "everything curl":
8271 - remove contractions (isn't => is not)
8272 - *an* HTTP (consistency)
8273 - runtime (no hyphen)
8274 - backend (no hyphen)
8279 Jay Satiro (29 Mar 2022)
8280 - projects: Update VC version names for VS2017, VS2022
8282 - Rename VC15 -> VC14.10, VC17 -> VC14.30.
8284 The projects directory that holds the pre-generated Visual Studio
8285 project files uses VC<ver> to indicate the MSVC version. At some point
8286 support for Visual Studio 2017 (Visual Studio version 15 which uses MSVC
8287 14.10) was added as VC15. Visual Studio 2022 (Visual Studio version 17
8288 which uses MSVC 14.30) project files were recently added and followed
8289 that same format using VC17.
8291 There is no such MSVC version (yet) as VC15 or VC17.
8293 For VS 2017 for example, the name we use is correct as either VS17,
8294 VS2017, VC14.10. I opted for the latter since we use VC for earlier
8295 versions (eg VC10, VC12, etc).
8297 Ref: https://github.com/curl/curl/pull/8438#issuecomment-1037070192
8299 Closes https://github.com/curl/curl/pull/8447
8301 Daniel Stenberg (29 Mar 2022)
8302 - mqtt: better handling of TCP disconnect mid-message
8304 Reported-by: Jenny Heino
8305 Bug: https://hackerone.com/reports/1521610
8308 - CURLOPT_DISALLOW_USERNAME_IN_URL.3: use uppercase URL
8310 - [Ian Blanes brought this change]
8312 docs/DYNBUF: clarify documentation for Curl_dyn_ptr and Curl_dyn_uptr
8316 - [Ian Blanes brought this change]
8318 curl: fix segmentation fault for empty output file names.
8320 Function glob_match_url set *result to NULL when called with filename =
8321 "", producing an indirect NULL pointer dereference.
8325 - TODO: Read keys from ~/.ssh/id_ecdsa, id_ed25519
8327 It would be nice to expand the list of key locations curl uses for the
8328 newer key types supported by libssh2.
8332 - ngtcp2: update to work after recent ngtcp2 updates
8334 Assisted-by: Tatsuhiro Tsujikawa
8335 Reported-by: jurisuk on github
8339 - [Farzin brought this change]
8341 CURLOPT_PROGRESSFUNCTION.3: fix typo in example
8345 - curl/header_json: output the header names in lowercase
8347 To better allow json[āheaderā].
8349 Reported-by: Peter Korsgaard
8350 Bug: https://daniel.haxx.se/blog/2022/03/24/easier-header-picking-with-curl/comment-page-1/#comment-25878
8353 - RELEASE-NOTES: synced
8355 - headers.h: make Curl_headers_push() be CURLE_OK when not built
8357 ... to avoid errors when the function isn't there.
8359 Reported-by: Marcel Raad
8363 - scripts: move three scripts from lib/ to scripts/
8365 Move checksrc.pl, firefox-db2pem.sh and mk-ca-bundle.pl since they don't
8366 particularly belong in lib/
8368 Also created an EXTRA_DIST= in scripts/Makefile.am instead of specifying
8369 those files in the root Makefile.am
8373 Marc Hoersken (23 Mar 2022)
8374 - lib/warnless.[ch]: only check for WIN32 and ignore _WIN32
8376 curl_setup.h automatically defines WIN32 if just _WIN32 is defined.
8378 Therefore make sure curl_setup.h is included through warnless.h.
8380 Reviewed-by: Daniel Stenberg
8381 Reviewed-by: Jay Satiro
8385 - tests/server/util.h: align WIN32 condition with util.c
8387 There is no need to test for both _WIN32 and WIN32 as curl_setup.h
8388 automatically defines the later if the first one is defined.
8390 Also tests/server/util.c is only checking for WIN32 arouund the
8391 implementation of win32_perror, so just defining _WIN32
8392 would not be sufficient for a successful compilation.
8394 Reviewed-by: Daniel Stenberg
8395 Reviewed-by: Jay Satiro
8399 Daniel Stenberg (22 Mar 2022)
8400 - [Philip Heiduck brought this change]
8402 firefox-db2pem.sh: make the shell script safer
8408 Jay Satiro (22 Mar 2022)
8409 - gtls: fix build for disabled TLS-SRP
8411 Prior to this change if, at build time, the GnuTLS backend was found to
8412 have TLS-SRP support (HAVE_GNUTLS_SRP) but TLS-SRP was disabled in curl
8413 via --disable-tls-srp (!USE_TLS_SRP) then a build error would occur.
8415 Bug: https://curl.se/mail/lib-2022-03/0046.html
8416 Reported-by: Robert Brose
8418 Closes https://github.com/curl/curl/pull/8604
8420 - winbuild: Add a Visual Studio example to the README
8422 - Add an example that explains in detail how the user can add libcurl to
8423 their Visual Studio project.
8425 Ref: https://github.com/curl/curl/issues/8591
8427 Closes https://github.com/curl/curl/pull/8592
8429 - docs/opts: Mention Schannel client cert type is P12
8431 Schannel backend code behaves same as Secure Transport, it expects a P12
8432 certificate file or the name of a certificate already in the user's OS
8433 key store. Also, both backends ignore CURLOPT_SSLKEY (tool: --key)
8434 because they expect the private key to already be available from the
8435 keystore or P12 certificate.
8437 Ref: https://github.com/curl/curl/discussions/8581#discussioncomment-2337260
8439 Closes https://github.com/curl/curl/pull/8587
8441 Daniel Stenberg (22 Mar 2022)
8442 - lib1945: fix compiler warning 4706 on MSVC
8444 Follow-up from d1e4a677340c
8448 - [Philip Heiduck brought this change]
8450 ci/event-based.yml: improve impacket install
8453 install impacket with library module
8457 - test1459: disable for oldlibssh
8459 This test with libssh 0.9.3 works fine on github but fails on circleci.
8460 Might as well disable this test for oldlibssh installations.
8464 - test1135: sync with recent API updates
8466 This test verifies that the order of functions in public headers remain
8467 the same but hasn't been updated to care for recently added header
8468 files. The order is important for some few platforms - or VERSIONINFO
8471 This fix also updates VERSIONINFO to be sure.
8475 - curl_easy_nextheader.3: fix two typos
8477 Reported-by: Timothe Litt
8478 Bug: https://curl.se/mail/lib-2022-03/0060.html
8480 - options: remove mistaken space before paren in prototype
8482 - cirrus: add --enable-headers-api for some windows builds
8484 - GHA: --enable-headers-api in all workflows
8486 - lib: make the headers API depend on --enable-headers-api
8488 - configure: add --enable-headers-api to enable the headers API
8490 Defaults to disabled while labeled EXPERIMENTAL.
8492 Make all the headers API tests require 'headers-api' to run.
8494 - test1671: verify -w '%{header_json}
8496 - test1670: verify -w %header{}
8498 - curl: add %{header_json} support in -w handling
8500 Outputs all response headers as a JSON object.
8502 - curl: add %header{name} support in -w handling
8504 Outputs the response header 'name'
8506 - header api: add curl_easy_header and curl_easy_nextheader
8508 Add test 1940 to 1946 to verify.
8512 - test1459: remove the different exit code for oldlibssh
8514 When using libssh/0.9.3/openssl/zlib, we seem to be getting the "right"
8519 - libssh: unstick SFTP transfers when done event-based
8521 Test 604 and 606 (at least).
8525 - gha: move the event-based test over from Zuul
8527 Switched libssh2 to libssh
8531 - RELEASE-NOTES: synced
8533 - http: return error on colon-less HTTP headers
8535 It's a protocol violation and accepting them leads to no good.
8537 Add test case 398 to verify
8541 - test718: edited slightly to return better HTTP
8543 Since hyper is picky and won't play ball otherwise.
8545 Bug: https://github.com/hyperium/hyper/issues/2783
8546 Reported-by: Daniel Valenzuela
8549 - hyper: no h2c support
8551 Make tests require h2c feature present to run, and only set h2c if
8552 nghttp2 is used in the build. Hyper does not support it.
8554 Remove those tests from DISABLED
8559 - configure: bump the copyright year range int the generated output
8561 - [Andreas Falkenhahn brought this change]
8563 BINDINGS.md: add Hollywood binding
8567 - HISTORY: add some 2022 data
8569 - scripts/copyright.pl: ignore the new mlc_config.json file
8571 - [Philip Heiduck brought this change]
8573 mlc_config.json: add file to ignore known troublesome URLs
8575 This is the config file for the CI markdown link checker and lets us
8576 filter URLs that are known to cause problems. Like
8577 https://curl.zuul.vexxhost.dev/ for now.
8581 - [Philip Heiduck brought this change]
8583 winbuild/README.md: fixup dead link
8587 Jay Satiro (18 Mar 2022)
8588 - rtsp: don't let CSeq error override earlier errors
8590 - When done, if an error has already occurred then don't check the
8591 sequence numbers for mismatch.
8593 A sequence number may not have been received if an error occurred.
8595 Prior to this change a sequence mismatch error would override earlier
8596 errors. For example, a server that returns nothing would cause error
8597 CURLE_GOT_NOTHING in Curl_http_done which was then overridden by
8598 CURLE_RTSP_CSEQ_ERROR in rtsp_done.
8600 Closes https://github.com/curl/curl/pull/8525
8602 - lib: fix some misuse of curlx_convert_wchar_to_UTF8
8604 curlx_convert_wchar_to_UTF8 must be freed by curlx_unicodefree, but
8605 prior to this change some uses mistakenly called free.
8607 I've reviewed all other uses of curlx_convert_wchar_to_UTF8 and
8608 curlx_convert_UTF8_to_wchar.
8610 Ref: https://github.com/curl/curl/commit/1d5d0ae
8612 Closes https://github.com/curl/curl/pull/8521
8614 - mk-ca-bundle.pl: Use stricter logic to process the certificates
8616 .. and bump version to 1.29.
8618 This change makes the script properly ignore unknown blocks and
8619 otherwise fail when Mozilla changes the certdata format in ways we
8620 don't expect. Though this is less flexible behavior it makes it far less
8621 likely that an invalid certificate can slip through.
8623 Prior to this change the state machine did not always properly reset,
8624 and it was possible that a certificate marked as invalid could then
8625 later be marked as valid when there was conflicting trust info or
8626 an unknown block was erroneously processed as part of the certificate.
8628 Ref: https://github.com/curl/curl/pull/7801#pullrequestreview-768384569
8630 Closes https://github.com/curl/curl/pull/8411
8632 Marcel Raad (17 Mar 2022)
8633 - test375: fix line endings on Windows
8635 Closes https://github.com/curl/curl/pull/8599
8637 Daniel Stenberg (17 Mar 2022)
8638 - http: reject header contents with nul bytes
8640 They are not allowed by the protocol and allowing them risk that curl
8641 misbehaves somewhere where C functions are used but won't work on the
8642 full contents. Further, they are not supported by hyper and they cause
8643 problems for the new coming headers API work.
8645 Updated test 262 to verify and enabled it for hyper as well
8649 - [Philip Heiduck brought this change]
8651 CI: Do not use buildconf. Instead, just use: autoreconf -fi
8655 - RELEASE-NOTES: synced
8657 Jay Satiro (14 Mar 2022)
8658 - libssh: Improve fix for missing SSH_S_ stat macros
8660 - If building libcurl against an old libssh version missing SSH_S_IFMT
8661 and SSH_S_IFLNK then use the values from a supported version.
8663 Prior to this change if libssh did not define SSH_S_IFMT and SSH_S_IFLNK
8664 then S_IFMT and S_IFLNK, respectively, were used instead. The problem
8665 with that is the user's S_ stat macros don't have the same values across
8666 platforms. For example Windows has values different from Linux.
8668 Follow-up to 7b0fd39.
8670 Ref: https://github.com/curl/curl/pull/8511#discussion_r815292391
8671 Ref: https://github.com/curl/curl/pull/8574
8673 Closes https://github.com/curl/curl/pull/8588
8675 Marc Hoersken (13 Mar 2022)
8676 - tool and tests: force flush of all buffers at end of program
8678 On Windows data can be lost in buffers in case of abnormal program
8679 termination, especially in process chains as seen due to flaky tests.
8680 Therefore flushing all buffers manually should avoid this data loss.
8682 In the curl tool we play the safe game by only flushing write buffers,
8683 but in the testsuite where we manage all buffers, we flush everything.
8685 This should drastically reduce Windows CI and testsuite flakiness.
8687 Reviewed-by: Daniel Stenberg
8689 Supersedes #7833 and #6064
8692 Daniel Stenberg (12 Mar 2022)
8693 - [Jan Venekamp brought this change]
8695 BearSSL: add CURLOPT_SSL_CTX_FUNCTION support
8699 - [Jan Venekamp brought this change]
8701 BearSSL: add CURLOPT_SSL_CIPHER_LIST support
8705 Dan Fandrich (11 Mar 2022)
8706 - tool_cb_hdr: Turn the Location: into a terminal hyperlink
8708 This turns even relative URLs into clickable hyperlinks in a supported
8709 terminal when --styled-output is enabled. Many terminals already turn
8710 URLs into clickable links but there is not enough information in a
8711 relative URL to do this automatically otherwise.
8713 - keepalive-time.d: It takes many probes to detect brokenness
8715 Daniel Stenberg (11 Mar 2022)
8716 - [HexTheDragon brought this change]
8718 curl: add --no-clobber
8720 Does not overwrite output files if they already exist
8723 Co-authored-by: Daniel Stenberg
8725 - RELEASE-NOTES: synced
8727 also bump next pending version to become 7.83.0
8729 - [Jean-Philippe Menil brought this change]
8731 openssl: check SSL_get_peer_cert_chain return value
8733 Signed-off-by: Jean-Philippe Menil <jpmenil@gmail.com>
8736 - [Jay Satiro brought this change]
8738 mk-ca-bundle.vbs: delete this script in favor of mk-ca-bundle.pl
8740 mk-ca-bundle.vbs is a Windows-specific script for Mozilla certificate
8741 extraction, similar to mk-ca-bundle.pl which runs on any platform. The
8742 vbs version has not been maintained while the perl version has been
8743 maintained with improvements and security fixes. I don't think it's
8744 worth the work to maintain both versions. Windows users should be able
8745 to use mk-ca-bundle.pl without any problems, as long as they have perl.
8749 - CURLSHOPT_UNLOCKFUNC.3: fix the callback prototype
8751 Copy and paste error
8753 Reported-by: Francisco Olarte
8757 - remove-on-error.d: typo
8759 Reported-by: Colin Leroy
8760 Bug: https://github.com/curl/curl/pull/8503#pullrequestreview-906520081
8762 - curl: add --remove-on-error
8764 If a transfer returns an error, using this option makes curl remove the
8765 leftover downloded (partial) local file before exiting.
8767 Added test 376 to verify
8771 - libssh: fix build with old libssh versions
8773 ... that don't have the SSH_S_* defines. Spotted on a machine using
8778 - hyper: fix status_line() return code
8780 Detected while working on #7708 that happened to trigger an error here
8781 with a new test case.
8785 - [Alejandro R. SedeƱo brought this change]
8787 configure.ac: move -pthread CFLAGS setting back where it used to be
8789 The fix for #8276 proposed in #8374 set `CFLAGS="$CFLAGS -pthead"`
8790 earlier than it used to be set, applying it in cases where it should not
8793 This moves the AIX XLC check to a new `case $host in` block inside of
8794 the `if test "$USE_THREADS_POSIX" != "1"` block, where `CFLAGS="$CFLAGS
8795 -pthead"` used to happen.
8800 - [Tatsuhiro Tsujikawa brought this change]
8802 ngtcp2: add client certificate authentication for OpenSSL
8806 - tool_operate: fix a scan-build warning
8808 ... and avoid the temp storing of the return code in a diff variable.
8812 - test375: verify that --proxy errors out if proxy is disabled in the build
8816 - curl: error out when options need features not present in libcurl
8818 Trying to use a proxy when libcurl was built with proxy support disabled
8819 should make curl error out properly.
8821 Remove knowledge of disabled features from the tool code and instead
8822 make it properly respond to what libcurl returns. Update all tests to
8823 properly require the necessary features to be present/absent so that the
8824 test suite can still be run even with libcurl builds with disabled
8827 Ref: https://curl.se/mail/archive-2022-03/0013.html
8830 - ngtcp2: disconnect the QUIC connection proper
8832 Reported-by: mehatzri on github
8833 Reviewed-by: Tatsuhiro Tsujikawa
8837 Dan Fandrich (9 Mar 2022)
8838 - test386: Fix an incorrect test markup tag
8840 Daniel Stenberg (9 Mar 2022)
8841 - [Don J Olmstead brought this change]
8843 nonblock: restore setsockopt method to curlx_nonblock
8845 The implementation using setsockopt was removed when BeOS support was
8846 purged. However this functionality wasn't BeOS specific, it is still
8847 used by for example Orbis OS (Playstation 4/5 OS).
8851 - openssl: fix CN check error code
8853 Due to a missing 'else' this returns error too easily.
8855 Regressed in: d15692ebb
8857 Reported-by: Kristoffer Gleditsch
8861 - [Frank Meier brought this change]
8863 connect: make Curl_getconnectinfo work with conn cache from share handle